This PR was merged into the 3.3 branch.
Discussion
----------
Fixed mistake in exception expectation
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In some cases, (5 to be exact), the `expectException` is misused while attempting to provide compatibility with the older `setExpectedException` by making use of a non-existent parameter.
Firstly, this makes the tests inconsistent (old PHPUnit version test exception message, while newer one doesn't). Secondly, if PHPUnit interface suddenly starts making use of a 2nd parameter in `expectException`, the existing code might break or cause unexpected side-effects.
Original report: 87bb726712 (commitcomment-24848315)
Commits
-------
03be003 Fixed mistake in exception expectation
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Reject remember-me token if UserCheckerInterface::checkPostAuth() fails
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24525
| License | MIT
| Doc PR | -
I think this is a security hole - a user can remain logged in with a remember me cookie even though they can no longer pass `UserCheckInterface::checkPostAuth()` (could be disabled).
This is a small BC break but shouldn't be an issue as I think it is a bug. I don't think this requires a BC layer but if so, I can add.
Commits
-------
fe190b6ee9 reject remember-me token if user check fails
* 3.3:
[BrowserKit] Handle deprecations triggered in insulated requests
[Bridge\PhpUnit] Handle deprecations triggered in separate processes
[Validator] added magic method __isset() to File Constraint class
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
never match invalid IP addresses
* 2.8:
[Validator] added magic method __isset() to File Constraint class
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
never match invalid IP addresses
* 2.7:
[Validator] added magic method __isset() to File Constraint class
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
never match invalid IP addresses
This PR was squashed before being merged into the 3.4 branch (closes#24535).
Discussion
----------
[TwigBridge] fix BC for FormExtension if renderer is FormRenderer
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/24533
| License | MIT
| Doc PR | -
This fixes some issues within FormExtension since the renderer is now a `FormRenderer`.
Commits
-------
4a2f608f1e [TwigBridge] fix BC for FormExtension if renderer is FormRenderer
This PR was merged into the 3.4 branch.
Discussion
----------
[OptionsResolver] Support array of types in allowed type
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17032, #15524
| License | MIT
| Doc PR | TBD
This replaces #17032 with a simpler approach to allow an array of types in the allowed types for the options resolver
Note: This implementation doesn't support nested values (I.E `int[][]`), but if there is a strong need for it, I'll add it in another PR
Commits
-------
d066a23860 Support array of types in allowed type
This PR was squashed before being merged into the 3.4 branch (closes#24321).
Discussion
----------
added ability to handle parent classes for PropertyNormalizer
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24152 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
This adds the ability for PropertyNormalizer to normalize/denormalize properties from parent classes.
Commits
-------
5ecafc5e25 added ability to handle parent classes for PropertyNormalizer
This PR was merged into the 3.4 branch.
Discussion
----------
[Console][HttpKernel] Handle new SHELL_VERBOSITY env var, also configures the default logger
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
On the CLI, the behavior of the new default logger is not nice: it's verbosity is controlled by `kernel.debug`, where I would expect to be able to control it by mean of verbosity.
To achieve this, I propose to handle a new `SHELL_VERBOSITY` env var, and use it to control both commands' verbosity, and the logger's log level.
Commits
-------
87bd741f2d [Console][HttpKernel] Handle new SHELL_VERBOSITY, also configures the default logger
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] never match invalid IP addresses
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24424
| License | MIT
| Doc PR |
Commits
-------
8ad32f0ef5 never match invalid IP addresses
* the `phpdocumentor/type-resolver` package was not PHP 7.2 compatible
before release 0.2.1 (see see phpDocumentor/TypeResolver@e224fb2)
* the validator must not call `get_class()` if no object but a class
name was passed to the `validatePropertyValue()` method
* 2.8:
fix merge
Fix 7.2 compat layer
Fix PHP 7.2 support
[HttpFoundation] Add missing session.lazy_write config option
[HttpFoundation] Combine Cache-Control headers
[Form] fix parsing invalid floating point numbers
Escape command usage when displaying it in the text descriptor
Use for=ID on radio/checkbox label.
* 2.7:
Fix 7.2 compat layer
Fix PHP 7.2 support
[HttpFoundation] Add missing session.lazy_write config option
[HttpFoundation] Combine Cache-Control headers
[Form] fix parsing invalid floating point numbers
Escape command usage when displaying it in the text descriptor
Use for=ID on radio/checkbox label.
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Combine Cache-Control headers
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
If multiple `Cache-Control` headers are added to a `ResponseHeaderBag`, only the first is returned by `$bag->get('Cache-Control')`.
Commits
-------
1f76a70b6f [HttpFoundation] Combine Cache-Control headers
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Throw accurate failures when accessing removed services
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24444
| License | MIT
| Doc PR | -
See linked issue.
This will throw a useful message when accessing a removed service.
When setting a removed service, a deprecation notice will be thrown also so that in master we can throw an exception then.
Commits
-------
fe7f26d4f3 [DI] Throw accurate failures when accessing removed services
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Prefixed env vars and load time inlining are incompatible
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
That's because env var processors are not registered yet.
Commits
-------
91c9287c55 [DI] Prefixed env vars and load time inlining are incompatible
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Turn private defs to non-public ones before removing passes
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24465
| License | MIT
| Doc PR | -
As spotted by @stof in https://github.com/symfony/symfony/issues/24465#issuecomment-334786670.
Commits
-------
e5d0934b87 [DI] Turn private defs to non-public ones before removing passes
This PR was merged into the 2.7 branch.
Discussion
----------
Fix support for PHP 7.2
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | #23671
| License | MIT
| Doc PR | -
There are still the deprecation problem with phpunit since it use `each()`.
There are 3 tests linked to session that I don't know how to fix / what to do, do you have any idea @nicolas-grekas ?
Commits
-------
fdf285b5c9 Fix 7.2 compat layer
e229dd0302 Fix PHP 7.2 support
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Exclude inline services declared in XML from autowiring candidates
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24311
| License | MIT
| Doc PR | -
As reported in #24311, inline services should not be candidates for autowiring.
This PR fixes the issue, but is submitted against 3.4 because there is a potential BC break here, for ppl that didn't realize they relied on this (already deprecated) behavior.
We *could* not merge this PR and consider the deprecation is fine - but in practice, the WTF is hitting several ppl already AFAIK, so we should close that door IMHO.
Commits
-------
d90e7212ea [DI] Exclude inline services declared in XML from autowiring candidates
This PR was merged into the 4.0-dev branch.
Discussion
----------
[Bridge\PhpUnit] Fix infinite loop when running isolated method (bis)
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The blacklisting system is a bit rigid, so let's work around it.
Commits
-------
9d9d596 [Bridge\PhpUnit] Fix infinite loop when running isolated method (bis)
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Use for=ID on radio/checkbox label.
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I recently let Europe's leading accessibility experts (Funkanu.se) review a site of mine, they gave me (among other) this feedback.
> Putting the checkbox/radio input inside the label is great, but the label still needs the "for=ID". Screen readers like Jaws does not work properly without this attribute.
Commits
-------
53d7857092 Use for=ID on radio/checkbox label.
This PR was merged into the 3.4 branch.
Discussion
----------
[DX][FrameworkBundle] Clarify where to find exceptions for non-registered commands
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ø
| License | MIT
| Doc PR | ø
As a developer, when I saw "Some commands could not be registered." displayed on my console... it wasn't clear ether the next displayed exception was related to this or not. Just adding a reference to the "following errors" would help.
Commits
-------
427212d869 Clarify the exceptions are going to be rendered just after
This PR was merged into the 3.3 branch.
Discussion
----------
[DependencyInjection] remove unused fixtures file
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I was wondering why the conflict markers in the `master` branch (see b6e9471ded/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services31.php (L43-L52)) did not cause any issues. Turned out that this fixtures file was not used anymore (it was only partially removed in #23022).
Commits
-------
3702e5ff37 remove unused fixtures file
This PR was merged into the 3.4 branch.
Discussion
----------
[Workflow] add guard is_valid() method support
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | Yes
| License | MIT
Workflow guard configuration support expression language like **is_fully_authenticated()**, **has_role()** or **is_granted()**, etc...
I would like to add the support for a new **is_valid()** expression.
Configuration allow to validate subject against specific validation groups to check if a transition can be applied.
In the next configuration exemple, my issue must validate "affectable" validation group to apply "affect" transistion:
```yaml
framework:
workflows:
issue:
marking_store:
type: single_state
arguments:
- state
supports: AppBundle\Entity\Issue
initial_place: created
places:
- created
- affected
- closed
transitions:
affect:
guard: "is_valid(subject, ['affectable'])"
from: created
to: affected
close:
from: completed
to: closed
```
Commits
-------
06d8198714 [Workflow] Added tests for the is_valid() guard expression
9499bc291c [Workflow] Added guard 'is_valid()' method support
* 3.3: (23 commits)
bumped Symfony version to 3.3.11
updated VERSION for 3.3.10
updated CHANGELOG for 3.3.10
bumped Symfony version to 2.8.29
updated VERSION for 2.8.28
updated CHANGELOG for 2.8.28
bumped Symfony version to 2.7.36
updated VERSION for 2.7.35
update CONTRIBUTORS for 2.7.35
updated CHANGELOG for 2.7.35
[Session] fix MongoDb session handler to gc all expired sessions
Updated Test name and exception name to be more accurate
newline at end of file
changed exception message
Ahh, I see. It actually wants a newline!
Removed newline
Created new Exception to throw and modified tests.
Created new Exception to throw and modified tests
Code standard fixes
Changed automatic token generation to throw an exception instead
...
* 2.8:
bumped Symfony version to 2.7.36
updated VERSION for 2.7.35
update CONTRIBUTORS for 2.7.35
updated CHANGELOG for 2.7.35
[Session] fix MongoDb session handler to gc all expired sessions
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Look at headers for switch_user username
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24260
| License | MIT
| Doc PR | n/a
Allowing `switch_user.parameter` config node to be a header name.
It's supported by SwitchUserStatelessBundle and I think it makes sense.
Forgotten in #24260 so targets 3.4 but not a blocker.
Commits
-------
3c801951c8 [Security] Look at headers for switch user username parameter
* 2.7:
bumped Symfony version to 2.7.36
updated VERSION for 2.7.35
update CONTRIBUTORS for 2.7.35
updated CHANGELOG for 2.7.35
[Session] fix MongoDb session handler to gc all expired sessions