This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] remove esi/ssi renderers if inactive
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? |no
| Tests pass? | yes
| Fixed tickets | #25246
| License | MIT
| Doc PR | -
As found out within #25246 the esi/ssi fragment renderer services were registered for < 3.4 even when the framework config for it was disabled.
On 3.4+ this has been fixed already and the service definitions are removed.
With this fix the usual exception message appears when `framework.esi` or `framework.ssi` are disabled and using `render_esi(...)` or `render_ssi(...)`:
```
An exception has been thrown during the rendering of a template ("The "esi" renderer does not exist.").
```
**Note: Some people may see this exception when updating to this patch but this just means they are using esi/ssi without enabling it.**
Commits
-------
e1c36525fd [FrameworkBundle] remove esi/ssi renderers if inactive
This PR was merged into the 3.4 branch.
Discussion
----------
Fixing wrong class_exists on interface
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | symfony/symfony-docs#8873 already does not mention changing anything in the config
This was a bug introduced in #25151 on the 3.4 branch. It's... pretty self-explanatory I hope :).
Cheers!
Commits
-------
be75bd994b Fixing wrong class_exists on interface
* 2.8:
Preserve percent-encoding in URLs when performing redirects in the UrlMatcher
[Console] Fix a bug when passing a letter that could be an alias
add missing validation options to XSD file
* 2.7:
Preserve percent-encoding in URLs when performing redirects in the UrlMatcher
[Console] Fix a bug when passing a letter that could be an alias
add missing validation options to XSD file
This method will only add 'class_exists' as an autoloader if it has not
already been added. This helps alleviate a performance issue when the
same loader is added many times in tests.
* 3.3:
fix merge
[Translation] Fix InvalidArgumentException when using untranslated plural forms from .po files
Fixed exit code with non-integer throwable code
Add suggestions
Added instructions to upgrade Symfony applications to 4.x
This PR was merged into the 3.3 branch.
Discussion
----------
[MonologBridge][WebServerBundle] Add suggestions for using the log server
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | /
| License | MIT
| Doc PR | /
If you want launch `server:log`, you need the monolog bridge and the VarDumper. Optionally, you need EL if you want use `server:log --filter`.
Commits
-------
aca0ddd Add suggestions
* 3.3:
[HttpFoundation] Support 0 bit netmask in IPv6 ()
[DI] Impossible to set an environment variable and then an array as container parameter
[LDAP] added missing dots at the end of some exception messages.
Set `width: auto` on WebProfiler toolbar's reset.
[Process] Dont rely on putenv(), it fails on ZTS PHP
[HttpKernel] detect deprecations thrown by container initialization during tests
[HttpKernel] Fix logging of post-terminate errors/exceptions
[Debug] Fix catching fatal errors in case of nested error handlers
[VarDumper] Fixed file links leave blank pages when ide is configured
Fix hidden currency element with Bootstrap 3 theme
* 2.8:
[HttpFoundation] Support 0 bit netmask in IPv6 ()
Set `width: auto` on WebProfiler toolbar's reset.
[HttpKernel] Fix logging of post-terminate errors/exceptions
[Debug] Fix catching fatal errors in case of nested error handlers
Fix hidden currency element with Bootstrap 3 theme
* 2.7:
[HttpFoundation] Support 0 bit netmask in IPv6 ()
Set `width: auto` on WebProfiler toolbar's reset.
[HttpKernel] Fix logging of post-terminate errors/exceptions
[Debug] Fix catching fatal errors in case of nested error handlers
Fix hidden currency element with Bootstrap 3 theme
* 2.7:
Remove some unused variables, properties and methods
[ExpressionLanguage] Fix parse error on 5.3
[HttpKernel] remove noisy frame in controller stack traces
[ExpressionLanguage] throw an SyntaxError instead of letting a undefined index notice
Fix php doc in Table class
bumped Symfony version to 2.7.40
updated VERSION for 2.7.39
update CONTRIBUTORS for 2.7.39
updated CHANGELOG for 2.7.39
This PR was squashed before being merged into the 3.4 branch (closes#25272).
Discussion
----------
[SecurityBundle] fix setLogoutOnUserChange calls for context listeners
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25267
| License | MIT
| Doc PR | -
As pointed out in https://github.com/symfony/symfony/issues/25267 the `setLogoutOnUserChange` method calls were added to the parent definition `security.context_listener` instead of the concrete child definitions `security.context_listener.*`.
ping @iltar @chalasr
Commits
-------
4eff146 [SecurityBundle] fix setLogoutOnUserChange calls for context listeners
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle] Fix a bug where a color tag will be shown when passing an antislash
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25193
| License | MIT
| Doc PR | none
You can see in the [reproducer](e6509ffcb4) when running `bin/console debug:container` that there an error in the ouput (like in the issue) when using a class with `\` in the service name.
This PR fix this wrong output. (even if that feels more developer thingy when there are xml everywhere ;)
Commits
-------
890edf7c38 [FrameworkBundle] Fix a bug where a color tag will be shown when passing an antislash
This PR was merged into the 3.3 branch.
Discussion
----------
[WebProfiler] Disallow viewing dot-files in Profiler
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
The file viewer in the profiler should not open files that were specifically intended to be hidden, like specifically .env files, but similarly files like .htaccess that might expose server configuration knowledge.
Added tests validating both the new and old behavior.
Commits
-------
6a2f518e74 Disallow viewing dot-files in Profiler
The file viewer in the profiler should not open files that were meant
to be hidden, like specifically .env files, but similarly files like
.htaccess that might expose server configuration knowledge.
* 3.3:
Fail as early and noisily as possible
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
do not eagerly filter comment lines
[WebProfilerBundle], [TwigBundle] Fix Profiler breaking XHTML pages (Content-Type: application/xhtml+xml)
* 2.8:
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
* 2.7:
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
* 3.3:
[DI] Fix infinite loop in InlineServiceDefinitionsPass
Do not cache cache attributes if `attributes` is in the context
Test that it do not remove the new flashes when displaying the existing ones
[HttpFoundation] AutExpireFlashBag should not clear new flashes
[FrameworkBundle][Serializer] Remove YamlEncoder definition if Yaml component isn't installed
[DI] Fix tracking of env vars in exceptions
[Form] Don't rely on if http-foundation isn't in FileType
Fix merge
substitute aliases in inline mappings
added ability for substitute aliases when mapping in YAML is on single line
[Console] Fix global console flag when used in chain
* 3.3:
[DI] Dont resolve envs in service ids
Add tests proving it can load annotated files
[WebProfilerBundle] Reset letter-spacing in toolbar
Prefer overflow-wrap to word-break
[Routing] Fix "config-file-relative" annotation loader resources
Make search in debug:container command case-insensitive
`resolveEnvPlaceholders` will return a mixed value
This PR was merged into the 3.4 branch.
Discussion
----------
[*Bundle] Replace some kernel.root_dir by kernel.project_dir
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
92fc2f7 remove more kernel.root_dir parameter refs
4add28b [*Bundle] Replace some kernel.root_dir by kernel.project_dir
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Update translation commands to work with default paths
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/25062
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/8634
This should make translation commands (debug & update) work with `translator.default_path` and `twig.default_path` directories (introduced here in 3.4) and their overridden paths if available.
Would be great to include also the custom paths mapping by the user, either `translator.paths` as `twig.paths`, but I'm not sure about the right way and probably it should be implemented on another branch.
TODO
- [x] Add some tests.
Commits
-------
dc7286625b Update translation commands to work with default paths
This PR was merged into the 3.4 branch.
Discussion
----------
[Lock][Process][FrameworkBundle] fix tests
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When running tests locally, I have several failures. This fixes them.
Commits
-------
878b08c [Lock][Process][FrameworkBundle] fix tests
* 3.3:
Display a nice error message if the form/serializer component is missing.
Force phpunit-bridge update (bis)
[Bridge/PhpUnit] Fix disabling global state preservation
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Ignore failures when removing the old cache dir
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25066
| License | MIT
| Doc PR | -
ping @phoenixgao can you please check if this improves the situation?
Commits
-------
3c4d168ca9 [FrameworkBundle] Ignore failures when removing the old cache dir
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle][FrameworkBundle] Remove the internals from debug autowiring
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? |no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24986
| License | MIT
| Doc PR |
#SymfonyConHackday2017
@nicolas-grekas @weaverryan @fabpot @stof It should be OK to review and to merge.
Commits
-------
491839b [TwigBundle][FrameworkBundle] Remove the internals from debug autowiring
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Don't trigger auto-picking notice if provider is set per listener
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24980
| License | MIT
| Doc PR | n/a
Commits
-------
19e891a [SecurityBundle] Don't trigger auto-picking notice if provider is set per listener
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Dont create empty bundles directory by default
| Q | A
| ------------- | ---
| Branch? | 3.4 / 4.1?
| Bug fix? | yes?
| New feature? | no
| BC breaks? | no?
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
we still run `assets:install` by default, which in bundle-less apps gives this annoying empty public/bundles dir and some useless cli output, all the time. This fixes it.
Commits
-------
f8e7478583 [FrameworkBundle] Dont create empty bundles directory
This PR was squashed before being merged into the 3.4 branch (closes#25014).
Discussion
----------
Move deprecation under use statements
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | n/a
Commits
-------
0a5b016 Move deprecation under use statements
* 3.3:
[Bridge\PhpUnit] Disable broken auto-require mechanism of phpunit
[SecurityBundle] Fix syntax error in test
[Console] Remove remaining dead code
bumped Symfony version to 3.3.14
bumped Symfony version to 2.8.32
bumped Symfony version to 2.7.39
updated VERSION for 3.3.13
updated CHANGELOG for 3.3.13
updated VERSION for 2.8.31
updated CHANGELOG for 2.8.31
updated VERSION for 2.7.38
updated CHANGELOG for 2.7.38
Replace array|\Traversable by iterable
Fix ambiguous pattern
* 2.8:
[SecurityBundle] Fix syntax error in test
[Console] Remove remaining dead code
bumped Symfony version to 2.8.32
bumped Symfony version to 2.7.39
updated VERSION for 2.8.31
updated CHANGELOG for 2.8.31
updated VERSION for 2.7.38
updated CHANGELOG for 2.7.38
Replace array|\Traversable by iterable
Fix ambiguous pattern
* 2.7:
[SecurityBundle] Fix syntax error in test
[Console] Remove remaining dead code
bumped Symfony version to 2.7.39
updated VERSION for 2.7.38
updated CHANGELOG for 2.7.38
Replace array|\Traversable by iterable
Fix ambiguous pattern
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Empty event dispatcher earlier in CacheClearCommand
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Once the cache folder is emptied, the event dispatcher cannot be used because service factories are gone. This currently fails very badly when an error is dispatched, but the error listeners are themselves failing to be loaded for this reason.
Commits
-------
a961392 [FrameworkBundle] Empty event dispatcher earlier in CacheClearCommand
* 3.3:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.8:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.7:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
This PR was merged into the 2.7 branch.
Discussion
----------
Validate redirect targets using the session cookie domain
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
52b06f1c21 [Security] Validate redirect targets using the session cookie domain
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Add default translations path option and convention
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | ToDo
Similar to Twig default path, this proposal adds a `default_path` option under `translator` config:
```yaml
framework:
translator:
default_path: '%kernel.project_dir%/config/translations'
```
adding this default path to the discovered translations dirs. Thus, overriding bundle translations is possible by using this new convention: `config/translations/<BundleName>/messages.en.xlf`.
Also a new container parameter `%translator.default_path%` is defined by external purpose (similar to https://github.com/symfony/symfony/pull/24840)
Note: The current convention `%kernel.root_dir%/Resources/translations` path has priority over the new one.
TODO:
- [x] Add more tests about the new path
- [x] Update changelog
Commits
-------
1a8b1b41c9 Add default translations path option and convention
* 3.3:
[Intl] Update ICU data to 60.1
[YAML] Allow to parse custom tags when linting yaml files
[HttpKernel][Debug] Remove noise from stack frames of deprecations
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
[WebserverBundle] fixed the bug that caused that the webserver would …
update the pull request template
[Stopwatch] minor fix
* 2.8:
[Intl] Update ICU data to 60.1
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
update the pull request template
[Stopwatch] minor fix
* 2.7:
[Intl] Update ICU data to 60.1
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
update the pull request template
[Stopwatch] minor fix
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Add default mapping path for validator component in bundle-less app
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | ToDo
Same approach of https://github.com/symfony/symfony/pull/24833
Commits
-------
4e0daecc63 Add default mapping path for validator component
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Add default mapping path for serializer component in bundle-less app
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | ToDo
> http://symfony.com/doc/current/serializer.html#using-serialization-groups-annotations:
> In addition to the @Groups annotation, the Serializer component also supports Yaml or XML files. These files are automatically loaded when being stored in one of the following locations:
>* The `serialization.yml` or `serialization.xml` file in the `Resources/config/` directory of a bundle;
>* All `*.yml` and `*.xml` files in the `Resources/config/serialization/` directory of a bundle.
Inspired by the second convention, this proposal adds one more but for bundle-less structure. Theoretically this is what it does for you:
```yaml
framework:
serializer:
mapping:
paths:
- '%kernel.project_dir%/config/serializer/'
```
Commits
-------
43895b8dae Add default mapping path for serializer component
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle] Add default Twig templates path as a container param
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24839
| License | MIT
| Doc PR | N/A
Adds a `twig.default_path` container param for easier access to this config in compiler passes.
Commits
-------
81b38ec215 [TwigBundle] Add default Twig templates path as a container param
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This ensures we always collect data about events, even when the `event_dispatcher` service is decorated, no matter the decoration order.
Commits
-------
7b3a641acc [FrameworkBundle] Specifically inject the debug dispatcher in the collector
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Add "container.hot_path" tag to flag the hot path and inline related services
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR is the result of my quest to squeeze some performance out of 3.4/4.0.
It builds on two ideas:
- a new `container.inline` tag that identifies the services that are *always* needed. This tag is only applied to a very short list of bootstrapping services (`router`, `event_dispatcher`, `http_kernel` and `request_stack` only). Then, it is propagated to all dependencies of these services, with a special case for event listeners, where only listed events are propagated to their related listeners.
- replacing the PHP autoloader by plain inlined `require_once` in generated service factories, with the benefit of completely bypassing the autoloader for services and their class hierarchy.
The end result is significant, even on a simple Hello World.
Here is the Blackfire profile, results are consistent with `ab` benchmarks:
https://blackfire.io/profiles/compare/b5fa5ef0-755c-4967-b990-572305f8f381/graph
Commits
-------
f7cb559a06 [DI] Add "container.hot_path" tag to flag the hot path and inline related services
* 3.3:
Random fixes
Docblock fixes
[HttpKernel] Enhance deprecation message
[SecurityBundle] Fix the datacollector to properly support decision.object being null
This PR was merged into the 3.3 branch.
Discussion
----------
[SecurityBundle] Fix the datacollector to properly support decision.object being null
| Q | A
| ------------- | ---
| Branch? | 3.3 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24804 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Similar to https://github.com/symfony/symfony/pull/23050, when accessing a `Data` clone property through `__get()` and the value is `null` for instance, you'll really get `null` instead of a `Data` instance. The solution is to use `seek` instead whenever we access and try to use `profiler_dump` on a `Data` property that can be a simple scalar like `null` or `false`. AFAIK, `decision.object` is the only one here.
Commits
-------
769a5f204f [SecurityBundle] Fix the datacollector to properly support decision.object being null
This PR was merged into the 2.8 branch.
Discussion
----------
Fix dump panel hidden when closing a dump
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In the dump panel of the debug bar, when closing a dump the panel sometimes get hidden:
This is because when the size of the panel is reduced, if the mouse is not over it anymore, the `:hover` pseudo-class does not apply anymore.
I "fixed" it by setting a min-height on the panel when closing a dump. The min-height is removed when leaving the panel _on purpose_:
For now I only tested it on Firefox 56 on Arch Linux.
Commits
-------
2e0b263d9c Fix dump panel hidden when closing a dump
* 3.3:
[Serializer] Fix extra attributes when no group specified
[Intl] Make intl-data tests pass and save language aliases again
[Console] Fix CommandTester::setInputs() docblock
[Serializer] readd default argument value
[VarDumper] fix trailling comma when dumping an exception
Remove useless docblocks
[FrameworkBundle] Fix docblocks
[PropertyInfo] Remove useless docblocks
This PR was squashed before being merged into the 2.7 branch (closes#24666).
Discussion
----------
[WebProfilerBundle] add missing tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
This PR fixes one test in WebDebugToolbarListenerTest and adds one that was missing (more detailed description is available in the commits description)
Commits
-------
363d3a8cf2 [WebProfilerBundle] add missing tests
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle][Routing] Remove unused logger argument
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This argument was never used as far as the FrameworkBundle Router was.
But actually don't we want to add the `$logger` argument to this class? It's used by the `UrlGenerator` when `router.strict_requirements` is `false` for instance:
<img width="1064" alt="screenshot 2017-10-29 a 09 57 31" src="https://user-images.githubusercontent.com/2211145/32142080-482bc64e-bc90-11e7-8382-b78b507bae48.PNG">
Commits
-------
dc9492eb6f [FrameworkBundle][Routing] Remove unused logger argument
This PR was merged into the 3.4 branch.
Discussion
----------
symfony/form auto-enables symfony/validator, even when not present
| Q | A
| ------------- | ---
| Branch? | 3.4 or master / 2.7, 2.8 or 3.3 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not needed
In #24303, we allowed form to be used without the validator component. But, there is a small problem with the logic: the validation system is set to enabled, even if it is not present. If you install form but NOT validator, you see the error:
> Validation support cannot be enabled as the Validator component is not installed.
Assuming the form system really is usable without validation, this should be an easy merge.
Commits
-------
03c0254296 Only enabling validation if it is present
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Move services reset to Kernel::handle()+boot()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24552
| License | MIT
| Doc PR | -
This is an alternative to #24697 (which uses middlewares).
This PR adds a new `services_resetter` service that the Kernel calls on 2nd root requests to reset services.
Instead of #24697 which plans for optional enabling of the services reset, this approach moves the responsibility of calling the services resetter to the core Kernel class, so that no configuration/middleware/etc. is required at all, and no overhead exists at all for regular requests.
Commits
-------
4501a3688b [HttpKernel] Move services reset to Kernel
* 3.3:
Fixing a bug where non-existent classes would cause issues
[SecurityBundle] hotfix: update phpdocs on logout url
[FrameworkBundle] Do not load property_access.xml if the component isn't installed
Fixed a few spelling mistakes in Luxembourgish translation
* 2.8:
[SecurityBundle] hotfix: update phpdocs on logout url
[FrameworkBundle] Do not load property_access.xml if the component isn't installed
Fixed a few spelling mistakes in Luxembourgish translation
This PR was squashed before being merged into the 2.7 branch (closes#24605).
Discussion
----------
[FrameworkBundle] Do not load property_access.xml if the component isn't installed
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/24563#issuecomment-337549147 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This PR actually aims to fix https://github.com/symfony/symfony/pull/24563#issuecomment-337549147 as the exception introduced in the PR can't be reached anyway when using the FrameworkBundle without the property access component as you'll get:
> Uncaught Symfony\Component\Debug\Exception\ClassNotFoundException: Attempted to load class "PropertyAccessor" from namespace "Symfony\Component\PropertyAccess".
With this fix, you properly get:
> The ObjectNormalizer class requires the "PropertyAccess" component. Install "symfony/property-access" to use it.
Not sure this change really belongs to a patch release, but the original PR was accepted in the 2.7 branch.
Also, I'd rather remove the ObjectNormalizer definition if the component isn't available, as suggested by @xabbuh (https://github.com/symfony/symfony/pull/24563#issuecomment-336795644). But in 2.7, this is the only normalizer registered by default and the [`SerializerPass` throws an exception if no normalizer is registered.](https://github.com/symfony/symfony/blob/2.7/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SerializerPass.php#L46)
To sum up, either:
1. we completly prevent using the FrameworkBundle and the serializer without the property access component, even if you don't really care about the ObjectNormalizer because you only use your owns specific ones. (and you'll get the exception hinting to install the property access component)
2. we allow using the FrameworkBundle and the serializer without the property access component, so we remove the ObjectNormalizer definition, but the user'll get a `You must tag at least one service as "serializer.normalizer" to use the Serializer service` exception until he configures a normalizer (and we don't get the hint about installing the property access component to enable the ObjectNormalizer. We already have a suggest entry in the composer.json file, though).
To me option 2 looks better. WDYT?
Commits
-------
d297e27600 [FrameworkBundle] Do not load property_access.xml if the component isn't installed
* 3.3:
Ensure DeprecationErrorHandler::collectDeprecations() is triggered
[FrameworkBundle] Allow to disable assets via framework:assets xml configuration
fixed $_ENV/$_SERVER precedence in test framework
[HttpFoundation] Fix FileBag issue with associative arrays
[DI] Throw when a service name or an alias contains dynamic values (prevent an infinite loop)
fix the phpdoc that is not really inherited from response
Minor docblock cleanup
Remove redundant sprintf arguments.
* 2.8:
[HttpFoundation] Fix FileBag issue with associative arrays
fix the phpdoc that is not really inherited from response
Minor docblock cleanup
Remove redundant sprintf arguments.
* 2.7:
[HttpFoundation] Fix FileBag issue with associative arrays
fix the phpdoc that is not really inherited from response
Minor docblock cleanup
Remove redundant sprintf arguments.
This PR was squashed before being merged into the 3.4 branch (closes#24620).
Discussion
----------
[FrameworkBundle][Workflow] Fix deprectation when checking workflow.registry service in dump command
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This PR will declare `workflow.registry` as a public service to avoid deprecation when `WorkflowDumpCommand` checks its existence. It only concerns 3.4 since this `isEnabled` method will be removed in 4.0.
Commits
-------
9e75847090 [FrameworkBundle][Workflow] Fix deprectation when checking workflow.registry service in dump command
* 3.3: (22 commits)
[Routing] Fix resource miss
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
[FrameworkBundle][Serializer] Move normalizer/encoders definitions to xml file & remove unnecessary checks
streamed response should return $this
$isClientIpsVali is not used
content can be a resource
Adding the Form default theme files to be warmed up in Twig's cache
Remove BC Break label from `NullDumper` class
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] YamlEncoder: throw if the Yaml component isn't installed
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
[PropertyInfo] Add support for the iterable type
pdo session fix
Fixed pathinfo calculation for requests starting with a question mark. - fix bad conflict resolving issue - port symfony/symfony#21968 to 3.3+
Fixed unsetting from loosely equal keys OrderedHashMap
add DOMElement as return type in Crawler::getIterator to support foreach support in ide
Fixed mistake in exception expectation
[Debug] Fix same vendor detection in class loader
...
* 2.8:
[Routing] Fix resource miss
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
streamed response should return $this
content can be a resource
Adding the Form default theme files to be warmed up in Twig's cache
This PR was merged into the 3.4 branch.
Discussion
----------
adding AdapterInterface alias for cache.app
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no-ish
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | TODO
I'd like to add this alias for autowiring. If only `CacheItemPoolInterface` is available, then it's a bit weird to use the extra Symfony cache features (e.g. tagging), as I'm calling methods on the `CacheItemPoolInterface` that don't exist. I'd rather type-hint `AdapterInterface` and confidently call those (+ get auto-complete).
Commits
-------
454f65a77d adding AdapterInterface alias for cache.app
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Make sessions secure and lazy
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | not yet
| Fixed tickets | #6388, #6036, #12375, #12325
| License | MIT
| Doc PR | -
The `SessionUpdateTimestampHandlerInterface` (new to PHP 7.0) is mostly undocumented, and just not implemented anywhere. Yet, it's required to implement session fixation preventions and lazy write in userland session handlers (there is https://wiki.php.net/rfc/session-read_only-lazy_write which describes the behavior.)
By implementing it, we would make Symfony session handling much better and stronger. Meanwhile, doing some cookie headers management, this also gives the opportunity to fix the "don't start if session is only read issue".
So, here we are for the general idea. Now needs more (and green) tests, and review of course.
Commits
-------
347939c9b3 [HttpFoundation] Make sessions secure and lazy
* the `phpdocumentor/type-resolver` package was not PHP 7.2 compatible
before release 0.2.1 (see see phpDocumentor/TypeResolver@e224fb2)
* the validator must not call `get_class()` if no object but a class
name was passed to the `validatePropertyValue()` method
* 2.8:
fix merge
Fix 7.2 compat layer
Fix PHP 7.2 support
[HttpFoundation] Add missing session.lazy_write config option
[HttpFoundation] Combine Cache-Control headers
[Form] fix parsing invalid floating point numbers
Escape command usage when displaying it in the text descriptor
Use for=ID on radio/checkbox label.
* 2.7:
Fix 7.2 compat layer
Fix PHP 7.2 support
[HttpFoundation] Add missing session.lazy_write config option
[HttpFoundation] Combine Cache-Control headers
[Form] fix parsing invalid floating point numbers
Escape command usage when displaying it in the text descriptor
Use for=ID on radio/checkbox label.
This PR was merged into the 3.4 branch.
Discussion
----------
[Workflow] add guard is_valid() method support
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | Yes
| License | MIT
Workflow guard configuration support expression language like **is_fully_authenticated()**, **has_role()** or **is_granted()**, etc...
I would like to add the support for a new **is_valid()** expression.
Configuration allow to validate subject against specific validation groups to check if a transition can be applied.
In the next configuration exemple, my issue must validate "affectable" validation group to apply "affect" transistion:
```yaml
framework:
workflows:
issue:
marking_store:
type: single_state
arguments:
- state
supports: AppBundle\Entity\Issue
initial_place: created
places:
- created
- affected
- closed
transitions:
affect:
guard: "is_valid(subject, ['affectable'])"
from: created
to: affected
close:
from: completed
to: closed
```
Commits
-------
06d8198714 [Workflow] Added tests for the is_valid() guard expression
9499bc291c [Workflow] Added guard 'is_valid()' method support
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Look at headers for switch_user username
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24260
| License | MIT
| Doc PR | n/a
Allowing `switch_user.parameter` config node to be a header name.
It's supported by SwitchUserStatelessBundle and I think it makes sense.
Forgotten in #24260 so targets 3.4 but not a blocker.
Commits
-------
3c801951c8 [Security] Look at headers for switch user username parameter
* 3.3:
[FrameworkBundle] Fix bad interface hint in AbstractController
[DI] Improve some deprecation messages
[Cache] Fix race condition in TagAwareAdapter
[Yaml] parse references on merge keys
treat trailing backslashes in multi-line strings
This PR was merged into the 3.4 branch.
Discussion
----------
[Bridge\Doctrine][FrameworkBundle] Deprecate some remaining uses of ContainerAwareTrait
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
With this PR, the last two remaining uses of ContainerAwareTrait will be `Symfony\Component\HttpKernel\Bundle\Bundle` and `Symfony\Bundle\FrameworkBundle\Controller\Controller`.
For Bundle, I think it's legitimate, for Controller, I think it's not, but that we should wait for 4.1 before considering its deprecation, alongside with `ContainerAwareCommand` (maybe).
Commits
-------
df9c8748e3 [Bridge\Doctrine][FrameworkBundle] Deprecate some remaining uses of ContainerAwareTrait
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Make Controller helpers final
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I propose to make all ControllerTrait methods final so we can add type hints.
I also propose to add ControllerTrait::has/get so that AbstractController also has the methods.
This will help move from Controller to AbstractController.
Commits
-------
bbc52a1d14 [FrameworkBundle] Make Controller helpers final
* 3.3: (23 commits)
Tests and fix for issue in array model data in EntityType field with multiple=true
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
removed useless PHPDoc
[Form] Fix FormInterface::submit() annotation
[PHPUnitBridge] don't remove when set to empty string
PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4
HttpCache does not consider ESI resources in HEAD requests
Fix translation for "This field was not expected"
[Routing] Enhance Route(Collection) docblocks
Added improvement for accuracy in MoneyToLocalizedStringTransformer.
Removed unused private property
Use correct verb form in the pull request template
Use PHP_MAXPATHLEN in Filesystem.
Added null as explicit return type (?TokenInterface)
[FrameworkBundle] Fix Routing\DelegatingLoader
Render all line breaks according to the exception message
[Form] Fix phpdoc
[DI] remove confusing code
[Form] Fixed GroupSequence with "constraints" option
[Validator] Clarify UUID validator behavior
...
* 2.8: (22 commits)
Tests and fix for issue in array model data in EntityType field with multiple=true
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
removed useless PHPDoc
[Form] Fix FormInterface::submit() annotation
PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4
HttpCache does not consider ESI resources in HEAD requests
Fix translation for "This field was not expected"
[Routing] Enhance Route(Collection) docblocks
Added improvement for accuracy in MoneyToLocalizedStringTransformer.
Removed unused private property
Use correct verb form in the pull request template
Use PHP_MAXPATHLEN in Filesystem.
Added null as explicit return type (?TokenInterface)
[FrameworkBundle] Fix Routing\DelegatingLoader
Render all line breaks according to the exception message
[Form] Fix phpdoc
[DI] remove confusing code
[Form] Fixed GroupSequence with "constraints" option
[Validator] Clarify UUID validator behavior
[Filesystem] Fixed makePathRelative
...
* 2.7: (22 commits)
Tests and fix for issue in array model data in EntityType field with multiple=true
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
removed useless PHPDoc
[Form] Fix FormInterface::submit() annotation
PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4
HttpCache does not consider ESI resources in HEAD requests
Fix translation for "This field was not expected"
[Routing] Enhance Route(Collection) docblocks
Added improvement for accuracy in MoneyToLocalizedStringTransformer.
Removed unused private property
Use correct verb form in the pull request template
Use PHP_MAXPATHLEN in Filesystem.
Added null as explicit return type (?TokenInterface)
[FrameworkBundle] Fix Routing\DelegatingLoader
Render all line breaks according to the exception message
[Form] Fix phpdoc
[DI] remove confusing code
[Form] Fixed GroupSequence with "constraints" option
[Validator] Clarify UUID validator behavior
[Filesystem] Fixed makePathRelative
...
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Don't clear app pools on cache:clear
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no, but behavior change
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23685
| License | MIT
| Doc PR | -
The cache:clear command currently clears all cache pools by default.
This is not expected and is a bad default behavior (as explained in linked issue).
If we don't want to have that behavior forever, I see no other option than just doing the change, as done here, targeting 3.4.
Commits
-------
b0c04f8354 [FrameworkBundle] Don't clear app pools on cache:clear
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Register a NullLogger from test kernels
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Relates to #24300
This will avoid unnecessary output on Travis or when running FrameworkBundle tests locally:
- before: https://travis-ci.org/symfony/symfony/jobs/281624658#L3594-L3635
- after: https://travis-ci.org/symfony/symfony/jobs/281643868#L3599-L3617
but also needed for anyone running functional tests on their project and using the default logger, in order to not get garbage output.
Do we need to find a more generic solution (like exposing a `framework.default_logger` option so users can set it to false for test)? Or just documenting this?
Commits
-------
c109dcd5ae [FrameworkBundle] Register a NullLogger from test kernels
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Deprecate auto picking the first provider
when no provider is explicitly configured on a firewall
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | yes <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://symfony-devs.slack.com/archives/C3A2XAQ20/p1506626210000345 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
From @Pierstoval on Slack:
> Hey, guys, I learnt a few days ago that if you don't specify a user provider in a firewall configuration, the security will use the first one in the list. Don't anyone think specifying the user provider should be mandatory ? Or at least mandatory if we have more than one provider registered?
- [x] UPGRADE files
- [x] CHANGELOG
- [x] Fix other tests
- [x] Removal PR #24380
Commits
-------
2d1e3347a6 [SecurityBundle] Deprecate auto picking the first provider
This PR was squashed before being merged into the 3.4 branch (closes#24300).
Discussion
----------
[HttpKernel][FrameworkBundle] Add a minimalist default PSR-3 logger
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR provides a minimalist PSR-3 logger that is always available when FrameworkBundle is installed.
By default, it writes errors on `stderr`, regular logs on `stdout` and discards debug data (this is configurable).
This approach has several benefits:
- It's what expect from an app logging systems of major containerization and orchestration tools including [Docker](https://docs.docker.com/engine/admin/logging/view_container_logs/) and [Kubernetes](https://kubernetes.io/docs/concepts/cluster-administration/logging/), as well as most cloud providers such as [Heroku](https://devcenter.heroku.com/articles/logging#writing-to-your-log) and [Google Container Engine](https://kubernetes.io/docs/tasks/debug-application-cluster/logging-stackdriver/). If the app follows this standard (and it's not currently the case with Symfony by default) logs will be automatically collected, aggregated and stored.
- It's in sync with the "back to Unix roots" philosophy of Flex
- Logs are directly displayed in the console when running the integrated PHP web server (`bin/console server:start` or Flex's `make serve`), Create React App also do that for instance.
- It fixes a common problem when installing Flex recipes: many bundles expect a logger service but currently there is none available by default, and you usually get a `"logger" service not found error` (because packages depend of the PSR, but the PSR doesn't provide a logger service).
Commits
-------
9a06513ec7 [HttpKernel][FrameworkBundle] Add a minimalist default PSR-3 logger
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Argon2i Password Encoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | WIP
Since the [libsodium RFC](https://wiki.php.net/rfc/libsodium) passed with flying colours, I'd like to kick start a discussion about adding Argon2i as a password encoder to the security component. The initial code proposal in this PR supports both the upcoming public API confirmed for PHP 7.2, and the [libsodium PECL extension](https://pecl.php.net/package/libsodium) for those below 7.2 (available for PHP 5.4+).
#### Concerns
- Should the test cover hash length? At the moment the result of Argon2i is 96 characters, but because the hashing parameters are included in the result (`$argon2i$v=19$m=32768,t=4,p=1$...`) this is not guaranteed.
- I've used one password encoder class because the result *should* be the same whether running natively in 7.2 or from the PECL extension, but should the logic be split out into separate private methods (like `Argon2iPasswordEncoder::encodePassword()`) or not (like in `Argon2iPasswordEncoder::isPasswordValid()`)? Since I can't really find anything concrete on Symfony choosing one way over another I'm assuming it's down to personal preference?
#### The Future
Whilst the libsodium RFC has been approved and the public API confirmed, there has been no confirmation of Argon2i becoming an official algorithm for `passhword_hash()`. If that is confirmed, then the implementation should *absolutely* use the native `password_*` functions since the `sodium_*` functions do not have an equivalent to the `password_needs_rehash()` function.
Any feedback would be greatly appreciated 😃
Commits
-------
be093dd79a Argon2i Password Encoder
Add the Argon2i hashing algorithm provided by libsodium as a core encoder in the Security component, and enable it in the SecurityBundle.
Credit to @chalasr for help with unit tests.
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle] Improve the overriding of bundle templates
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17557
| License | MIT
| Doc PR | -
### [Overriding a Template that also extends itself](https://twig.symfony.com/doc/2.x/recipes.html#overriding-a-template-that-also-extends-itself)
Now that bundles inheritance is deprecated and removed (#24160, #24161), I'm wondering if we can solve this old issue defining an exclusive namespace only for root bundles in `3.4` just bundles in `4.0`:
```yaml
twig:
paths:
# adding paths behind the scene into TwigExtension
app/Resources/FooBundle/views: Foo
vendor/acme/foo-bundle/Resources/views: Foo
vendor/acme/foo-bundle/Resources/views: !Foo # exclusive
```
Thus, one can decide when use the exclusive namespace to avoid the issue and then [we could to say also](http://symfony.com/doc/current/templating/overriding.html):
> To override the bundle template partially (which contains `block`) creates a new `index.html.twig` template in `app/Resources/AcmeBlogBundle/views/Blog/index.html.twig` and extends from `@!AcmeBlogBundle/Blog/index.html.twig` to customize the bundle template:
```twig
{# app/Resources/FooBundle/views/layout.html.twig #}
{# this does not work: circular reference to itself #}
{% extends '@Foo/layout.html.twig' %}
{# this will work: load bundle layout template #}
{% extends '@!Foo/layout.html.twig' %}
{% block title 'New title' %}
```
I hear other suggestions about the excluse namespace.
We will need to update http://symfony.com/doc/current/templating.html#referencing-templates-in-a-bundle too to add this convention.
WDYT?
Commits
-------
0a658c6eef Add exclusive Twig namespace for bundles path
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Deprecate some compiler passes in favor of tagged iterator args
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
More code that we can drop :)
Commits
-------
fa62e5068e [HttpKernel] Deprecate some compiler passes in favor of tagged iterator args
This PR was merged into the 3.4 branch.
Discussion
----------
[Lock] Use cache connection factories in lock
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no (feature removal)
| BC breaks? | no (if merged in 3.4)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
An alternative to https://github.com/symfony/symfony/pull/24267 to share code between cache and lock.
Commits
-------
95358ac98f Share connection factories between cache and lock
This PR was squashed before being merged into the 3.4 branch (closes#21027).
Discussion
----------
[Asset] Provide default context
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19396
| License | MIT
| Doc PR | should be noted somewhere, ill create an issue
Allows configuring the default asset context to make things works on CLI for example. Same approach as the routing component.
Introduces
```yaml
# parameters.yml
asset.request_context.base_path: '/base/path'
asset.request_context.secure: false
```
Commits
-------
9137d57ecd [Asset] Provide default context
This PR was squashed before being merged into the 3.4 branch (closes#24337).
Discussion
----------
Adding a shortcuts for the main security functionality
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | Big ol' TODO
I'd like one class that I can inject (especially with autowiring) to get access to the User and `isGranted()` methods. This is *really* important... because to get the User currently, you need to type-hint `TokenStorageInterface`... and there are *two*! That's really bad DX!
Questions:
A) I hi-jacked the existing `Security` class... I wanted a simple class called Security
B) I called the service `security.helper`... for lack of a better id.
C) I did not make `Security` implement the 2 other interfaces (`TokenStorageInterface`, `AuthorizationCheckerInterface`... but I suppose we could?)
Cheers!
Commits
-------
0851189 Adding a shortcuts for the main security functionality
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle] register an identity translator as fallback
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/24303#issuecomment-331864529
| License | MIT
| Doc PR |
The Form component can be used without the Translation component.
However, to be able to use the default form themes provided by the
TwigBridge you need to have the `trans` filter to be available.
This change ensure that there will always be a `trans` filter which as
a fallback will just return the message key if no translator is present.
Commits
-------
f0876e5927 register an identity translator as fallback
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] register class metadata factory alias
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24296
| License | MIT
| Doc PR |
Commits
-------
d0235a00cc register class metadata factory alias
* 3.3:
Set a NullLogger in ApcuAdapter when Apcu is disabled in CLI
Minor reword
[HttpKernel] Make array vs "::" controller definitions consistent
Fix tests
[TwigBundle] Remove profiler related scripting
[TwigBundle][WebProfilerBundle] Switch to DOMContentLoaded event
[WebProfilerBundle] Hide inactive tabs from CSS
[TwigBundle] Make deprecations scream in logs
[TwigBundle] Hide logs if unavailable, i.e. webprofiler
[TwigBundle] Break long lines in exceptions
[WebProfilerBundle] Added missing link to profile token
[DI] Fix decorated service merge in ResolveInstanceofConditionalsPass
Preserve URI fragment in HttpUtils::generateUri()
[PhpUnitBridge] do not require an error context
The Form component can be used without the Translation component.
However, to be able to use the default form themes provided by the
TwigBridge you need to have the `trans` filter to be available.
This change ensure that there will always be a `trans` filter which as
a fallback will just return the message key if no translator is present.
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Saltless Encoder Interface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
A new interface for encoders that do not require a user-generated salt (generate their own built-in) as suggested by @stof ([comment](https://github.com/symfony/symfony/pull/21604/files#r101225470)), this will become useful as more password encoders are added in the future (such as symfony/symfony#21604).
Commits
-------
7c4aa0bccb Saltless Encoder Interface
This PR was squashed before being merged into the 3.3 branch (closes#24244).
Discussion
----------
TwigBundle exception/deprecation tweaks
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes/no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
- 1st commit) if you view a exception in the profiler, there is no logger available. Making the tab useless, disabled state is now triggered at zero log messages. There's a specialized panel here.
- 2nd commit) when an exception occurs this highlights deprecations in the log table outside the profiler with a warning status. This follows the same signal colors in the profiler.
- 3rd commit) hide the default inactive tabs from CSS to avoid scrollbar flickering.
- 4th commit) favors document.DOMContentLoaded over window.load, we dont want to wait for images to be loaded
Further out-of-scope improvements could be;
- From https://github.com/symfony/symfony/pull/24191; i think the logs table should show a direct `View file` link for every error/deprecation/red or yellow line in here. Traversing with `Show context` is tedious.
- links to file.php for your trigger_error() calls
- links to config.yml for trigger_error() calls by SF
- From #24151; having the same tooling on both sides is nice
- Events/Translations logs is noise, we have specialized panels for those. To further reduce the overall page size container logs can be moved away too, linked from Configuration and/or Logs. Also see #23247
Commits
-------
1c595fcf48 [TwigBundle][WebProfilerBundle] Switch to DOMContentLoaded event
ea4b0966ab [WebProfilerBundle] Hide inactive tabs from CSS
0c10f97f98 [TwigBundle] Make deprecations scream in logs
03cd9e553b [TwigBundle] Hide logs if unavailable, i.e. webprofiler
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Enable assets with templates only if the Asset component is installed
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | -
Commits
-------
5bc0b0527e [FrameworkBundle] Enable assets with templates only if the Asset component is installed
This PR was merged into the 3.3 branch.
Discussion
----------
[TwigBundle] Remove profiler related scripting
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
For sanity.
Also in case of an exception page we conflict with the profiler scripting/css.
```
Uncaught TypeError: Cannot set property 'className' of null
```
Happens because `Sfjs.createTabs` from the profiler tries to process tabs again, which twig has already done. The code doesnt handle this gracefully.
In case of ajax request (edgy yes) we see the CSS conflicting;
Note the table borders. Not sure how and if we want to solve this nor what it might affect otherwise; open for now.
Commits
-------
eb520e1e5b Minor reword
02dcdca014 [TwigBundle] Remove profiler related scripting
This PR was merged into the 3.4 branch.
Discussion
----------
Forward compatibility for the removal of bundle inheritance in 4.0
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Compat layer so that 3.4 and master combinations of framework/twig bundles and http-kernel work together.
Commits
-------
fba7e543d1 added foward compatibility for the removal of bundle inheritance in 4.0
This PR was squashed before being merged into the 3.4 branch (closes#24239).
Discussion
----------
[HttpFoundation] Deprecate compatibility with PHP <5.4 sessions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR removes functionality added in Symfony 2.1 as a compatibility layer with sessions from PHP <5.4.
- [x] Fix tests
Commits
-------
3deb3940ab [HttpFoundation] Deprecate compatibility with PHP <5.4 sessions
This PR was squashed before being merged into the 3.4 branch (closes#23882).
Discussion
----------
[Security] Deprecated not being logged out after user change
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #17023
| License | MIT
| Doc PR | ~
This PR is an alternative approach to #19033. Due to a behavioral change that could break a lot of applications and websites, I've decided to trigger a deprecation instead of actually changing the behavior as that can be done for 4.0.
Whenever a user object is considered changed (`AbstractToken::hasUserChanged`) when setting a new user object after refreshing, it will now throw a deprecation, paving the way for a behavioral change in 4.0. The idea is that in 4.0 Symfony will simply trigger a logout when this case is encountered.
Commits
-------
22f525b [Security] Deprecated not being logged out after user change
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache] Add ResettableInterface to allow resetting any pool's local state
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
To allow pools to leverage #24155 so that they can be used in multi-request loops.
Commits
-------
14c91f2 [Cache] Add ResettableInterface to allow resetting any pool's local state
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Turn services and aliases private by default, with BC layer
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #20048
| License | MIT
| Doc PR | -
With this PR, all services and aliases are made private by default.
This is done in a BC way, thanks to the layer introduced in #24104.
We will require bundles to explicitly opt-in for "public", either using "defaults", or stating `public="true"` explicitly. Same in DI extension, where calling `->setPublic(true)` will be required in 4.0.
Commits
-------
9948b09 [DI] Turn services and aliases private by default, with BC layer
This PR was merged into the 3.4 branch.
Discussion
----------
[DebugBundle] Fix the var-dumper requirement in composer.json
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The v3.4 of the debug bundle calls `VarCloner::setMinDepth()` and thus requires v3.4+ of the var-dumper component. However, the composer file has not been updated in 30cd70d.
I upped the var-dumper requirement to `~3.4|~4.0`.
Commits
-------
d761a76 Require v3.4+ of the var-dumper component
This PR was squashed before being merged into the 3.4 branch (closes#23747).
Discussion
----------
[Serializer][FrameworkBundle] Add a DateInterval normalizer
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/8267
Could be useful for API needing to submit a duration.
Most code have been adapted from @MisatoTremor's DateInterval form type. Credits to him.
Commits
-------
6185cb1991 [Serializer][FrameworkBundle] Add a DateInterval normalizer
* 2.8:
[CS][2.7] yoda_style, no_unneeded_curly_braces, no_unneeded_final_method, semicolon_after_instruction
[Filesystem] mirror - fix copying content with same name as source/target.
.php_cs.dist - simplify config
[WebProfilerBundle] fixed TemplateManager when using Twig 2 without compat interfaces
* 2.7:
[Filesystem] mirror - fix copying content with same name as source/target.
.php_cs.dist - simplify config
[WebProfilerBundle] fixed TemplateManager when using Twig 2 without compat interfaces
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Reset stopwatch between requests
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23984
| License | MIT
| Doc PR | N/A
Follow-up to #24155. This PR ensures that the stopwatch is reset between requests.
Commits
-------
7c3bdd9 Reset stopwatch.
This PR was merged into the 3.4 branch.
Discussion
----------
Feature #23583 Add current and fallback locales in WDT / Profiler
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23583
| License | MIT
| Doc PR | -
The goal of this PR is to add informations about the locale and the fallback locales in the translation WDT panel / and profiler
Commits
-------
98a8a6c735 Feature #23583 Add current and fallback locales in WDT / Profiler
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle] Add default templates directory and option to configure it
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Feature freeze is coming so this one should be important for the new structure. Moving forward and alternative of https://github.com/symfony/symfony/pull/23339 but I'm proposing `templates/bundles/<BundleName>` instead of `templates/bundles/<BundleTwigNamespace>` to override bundles templates and easy migration from current `app/Resources/<BundleName>/views` convention. Also this fix the pending comments.
Summary:
* Added new option to configure default path for templates directory:
```yaml
twig:
default_path: '%kernel.project_dir%/templates' # default
```
* Added new path convention to override bundle templates `<default_path>/bundles/<BundleName>`:
```
# Examples:
templates/bundles/TwigBundle/Exception/error.html.twig - @Twig/Exception/error.html.twig
templates/bundles/FOSUserBundle/layout.html.twig - @FOSUser/layout.html.twig
```
Current templates in `<kernel.root_dir>/Resources/<BundleName>/views` have priority over the new one, and both have priority over the bundle `views` path.
Commits
-------
a1b391fb00 Add default templates directory and option to configure it
This PR was merged into the 2.7 branch.
Discussion
----------
[WebProfilerBundle] fixed TemplateManager when using Twig 2 without compat interfaces
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yesno
| Fixed tickets | closes#23868
| License | MIT
| Doc PR | n/a
Commits
-------
10204ffe99 [WebProfilerBundle] fixed TemplateManager when using Twig 2 without compat interfaces
* 3.3:
[CS] Apply phpdoc_annotation_without_dot
bumped Symfony version to 3.3.10
updated VERSION for 3.3.9
updated CHANGELOG for 3.3.9
[DomCrawler] Fix conversion to int on GetPhpFiles
Remove `protected_to_private` rule.
Filtering empty uuids in ORMQueryBuilderLoader.
* 3.3:
Revert "bug #24105 [Filesystem] check permissions if dump target dir is missing (xabbuh)"
[Filesystem] skip tests if not applicable
[Fabbot] Do not run php-cs-fixer if there are no change in src/
[Security] Fix exception when use_referer option is true and referer is not set or empty
[HttpKernel] "controller.service_arguments" services should be public
Get KERNEL_DIR through $_ENV too for KernelTestCase
Get KERNEL_CLASS through $_ENV too
check permissions if dump target dir is missing
* 2.8:
Revert "bug #24105 [Filesystem] check permissions if dump target dir is missing (xabbuh)"
[Filesystem] skip tests if not applicable
[Fabbot] Do not run php-cs-fixer if there are no change in src/
[Security] Fix exception when use_referer option is true and referer is not set or empty
Get KERNEL_DIR through $_ENV too for KernelTestCase
check permissions if dump target dir is missing
This PR was merged into the 3.4 branch.
Discussion
----------
Fixed deprecations in WebProfiler tests
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
To avoid this error in tests:
```
The "web_profiler.position" configuration key has been deprecated in Symfony 3.4 and it will be removed in 4.0: 1x
1x in ConfigurationTest::testConfigTree from Symfony\Bundle\WebProfilerBundle\Tests\DependencyInjection
```
Can anybody propose a better solution to fix this issue? Thanks!
Commits
-------
2a696d3 Fixed deprecations in WebProfiler tests
* 2.7:
Revert "bug #24105 [Filesystem] check permissions if dump target dir is missing (xabbuh)"
[Filesystem] skip tests if not applicable
[Fabbot] Do not run php-cs-fixer if there are no change in src/
[Security] Fix exception when use_referer option is true and referer is not set or empty
Get KERNEL_DIR through $_ENV too for KernelTestCase
check permissions if dump target dir is missing
This PR was squashed before being merged into the 3.4 branch (closes#24080).
Discussion
----------
Deprecated the web_profiler.position option
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #23528
| License | MIT
| Doc PR | -
Related to #23728, which removes the feature for Symfony 4.0.
Commits
-------
53387b4335 Deprecated the web_profiler.position option
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Throw a meaningful exception when an undefined user provider is used inside a firewall
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Before
> The service "security.authentication.manager" has a dependency on a non-existent service "security.user.provider.concrete.undefined_provider".
After
> Invalid firewall "main": user provider "undefined_provider" not found.
Commits
-------
b884c6612d Throw a meaningful exception when an undefined user provider is used inside a firewall
* 2.7:
[travis] update to trusty
Fix ArrayInput::toString() for VALUE_IS_ARRAY options/args
[ExpressionLanguage] throws an exception on calling uncallable method
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] be able to enable workflow support explicitly
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24051
| License | MIT
| Doc PR |
Commits
-------
eaa506f562 be able to enable workflow support explicitly
This PR was squashed before being merged into the 3.4 branch (closes#24064).
Discussion
----------
[TwigBridge] Show Twig's loader paths on debug:twig command
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
`bin/console debug:twig`:
This information is not displayed anywhere ATM and it should be important to know:
* The Twig's namespaces availables
* The Twig's paths availables
* The order that templates will be loaded ( regarding its namespace -> LOAD PRIORITY ! )
So it should help us to debug any issue related to circular templates reference, invalid namespaces, unsuccessful attempt to override a template, etc.
WDYT?
Commits
-------
3fdcb40df3 [TwigBridge] Show Twig's loader paths on debug:twig command
This PR was merged into the 3.4 branch.
Discussion
----------
Fix deprecations regarding core commands registered as services
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23624#discussion_r131979501
| License | MIT
| Doc PR | n/a
Current deprecation messages can be confusing (see fixed ticket), this improves them and adds a bunch of missing CHANGELOG/UPGRADE entries on the same topic
Commits
-------
4659975944 Fix deprecations regarding core commands registered as services
* 3.3:
Improved the design of the redirection method in the web toolbar
Update NoSuchPropertyException message for writeProperty
[DI] Don't track merged configs when the extension doesn't expose it
[Cache] Use namespace versioning for backends that dont support clearing by keys
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Add debug:form command
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/23688
| License | MIT
| Doc PR | -
A short class name (e.g. `DateType`) can be passed as `class` argument too (the command will try to resolve its FQCN if it's in known form type namespaces).
Commits
-------
4f040d78fe Add debug:form command
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Allow commands to provide a default name for compile time registration
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23796
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/8147
Commits
-------
eda7d42955 [Console] Add protected static $defaultName to set the default name of a Command
5d9ae6b56f [Console] Allow commands to provide a default name for compile time registration
This PR was merged into the 3.4 branch.
Discussion
----------
Remove some sf2 references
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Those `sf2` references can be safely remove and changed to `symfony` as there are internal or they don't break anything when upgrading Symfony's version:
* Flashes are ephemeral, so changing the key in the session is not a problem;
* Changing the local storage key for the profiler is not an issue as this is a dev tool.
Commits
-------
1b0265417b removed sf2 references
* 3.3:
[Dotenv] Get env using $_SERVER to work with fastcgi_param and workaround thread safety issues
[Dotenv][WebServerBundle] Override previously loaded variables
[DI] Use GlobResource for non-tracked directories
[WebProfilerBundle] Re add missing link to the controller
This PR was squashed before being merged into the 3.4 branch (closes#23680).
Discussion
----------
[Webprofiler] Added blocks that allows extension of the profiler page.
| Q | A
| ------------- | ---
| Branch? | 3.4 (to be retargeted)
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Im not sure if we allow this but I thought I would try to submit this PR.
The [TranslationBundle](https://github.com/php-translation/symfony-bundle) is extending the Symfony profiler page for translation. It would be great if it didn't have to replace all the contents but just replace some smaller blocks.
Commits
-------
ffd25fb9c2 [Webprofiler] Added blocks that allows extension of the profiler page.
This PR was squashed before being merged into the 3.3 branch (closes#23799).
Discussion
----------
[Dotenv][WebServerBundle] Override previously loaded variables
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23723
| License | MIT
This PR implements @nicolas-grekas's idea about how we could refresh loaded environment variables. See his comment https://github.com/symfony/symfony/issues/23723#issuecomment-320455669
Commits
-------
c5a1218555 [Dotenv][WebServerBundle] Override previously loaded variables
This PR was merged into the 3.3 branch.
Discussion
----------
[WebProfilerBundle] Re add missing link to the controller
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes (because it was on 3.2 but not in 3.3)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
---
Commits
-------
1d10857179 [WebProfilerBundle] Re add missing link to the controller
This PR was squashed before being merged into the 3.4 branch (closes#23665).
Discussion
----------
Create an interface for TranslationWriter
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | ~~~no~~~ yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
We should provide an interface for the TranslationWriter. This allows other libraries (php-translation) that depend on the Translation component provide different implementations.
Commits
-------
c25eafa Create an interface for TranslationWriter
This PR was merged into the 3.3 branch.
Discussion
----------
[DI] Use GlobResource for non-tracked directories
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
I noticed that some of my excluded directories are still tracked by the container and changes to files inside them make it recompile. This brought me to the `$trackContents || is_dir($path)` line introduced in #21505.
Commits
-------
048eb18 [DI] Use GlobResource for non-tracked directories
This PR was squashed before being merged into the 3.4 branch (closes#23862).
Discussion
----------
[SecurityBundle] resolve class name parameter inside AddSecurityVotersPass
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23733
| License | MIT
Commits
-------
a86bf52 [SecurityBundle] resolve class name parameter inside AddSecurityVotersPass
This PR was merged into the 3.3 branch.
Discussion
----------
Revert "feature #21038 [FrameworkBundle] deprecated cache:clear with warmup (fabpot)"
This reverts commit 3495b35e4f, reversing
changes made to 7f7b897ee2.
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21038
| License | MIT
| Doc PR | -
Sibling to #23792: there is no need to trigger the deprecation in 3.3 if we un-deprecate in 3.4.
Commits
-------
90099706c6 Revert "feature #21038 [FrameworkBundle] deprecated cache:clear with warmup (fabpot)"
* 3.3:
[VarDumper] Fix tests with phpredis 3.1.3
[DI] Fix reading env vars from fastcgi params
Allow phpdocumentor/reflection-docblock 4.
[VarDumper] play nice with open_basedir when looking for composer.json
This PR was squashed before being merged into the 3.4 branch (closes#23852).
Discussion
----------
Made some SecurityBundle tests case-insensitive to prepare for future Symfony versions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This is what @nicolas-grekas [told me to do](https://github.com/symfony/symfony/pull/23797#issuecomment-320579781) to unlock #23797.
Commits
-------
9b7750a Made some SecurityBundle tests case-insensitive to prepare for future Symfony versions
This PR was merged into the 3.4 branch.
Discussion
----------
[Profiler] Make the validator toolbar item consistent with the form one
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
After more time experiencing it, I changed my mind about https://github.com/symfony/symfony/pull/22554#pullrequestreview-37818648.
I do think replicating the form toolbar item behavior is the best thing to do.
Displaying a different property under some conditions may seem to be a bad idea, but the difference is clearly expressed by the background color used:
|-|-|
|--|--|
|<img alt="screenshot 2017-08-09 a 15 59 56" src="https://user-images.githubusercontent.com/2211145/29125368-de340da4-7d1b-11e7-9b04-8ff395e118f0.PNG">| Red: something wrong happened. Shows the relevant information: the number of violations.|
|<img alt="screenshot 2017-08-09 a 16 00 05" src="https://user-images.githubusercontent.com/2211145/29125374-e28dd6a0-7d1b-11e7-8ed6-b0d7634a5b21.PNG">| Grey: Everything went fine. Acknowledge the validator calls were made and passed by showing the number of calls.|
In any case, everything is clear when hovering the toolbar item (and most users are probably already used to this behavior due to the form item):
|Violations|No violations|
|--|--|
|<img width="173" alt="screenshot 2017-08-09 a 15 51 18" src="https://user-images.githubusercontent.com/2211145/29125023-e35ca602-7d1a-11e7-82d5-0ff3c0d9c46c.PNG">|<img width="172" alt="screenshot 2017-08-09 a 15 51 31" src="https://user-images.githubusercontent.com/2211145/29125037-ebbf0614-7d1a-11e7-8cd2-de6cb963a282.PNG">|
Commits
-------
b622d26978 [Profiler] Make the validator toolbar item consistent with the form one
* 3.3:
fixed CS
[2.8] Modify 2.8 upgrade doc - key option is deprecated.
[DebugBundle] Reword an outdated comment about var dumper wiring
[DI] Fix some docblocks
[DI] Fix some docblocks
Fixed the exception page design in responsive mode
[Console] Log exit codes as debug messages instead of errors
Fixed UPGRADE-4.0 about Container::set
Ignore memcached missing key error on dession destroy
bumped Symfony version to 3.2.14
updated VERSION for 3.2.13
updated CHANGELOG for 3.2.13
* 3.2:
[DebugBundle] Reword an outdated comment about var dumper wiring
Ignore memcached missing key error on dession destroy
bumped Symfony version to 3.2.14
updated VERSION for 3.2.13
updated CHANGELOG for 3.2.13
* 2.8:
fixed CS
[2.8] Modify 2.8 upgrade doc - key option is deprecated.
[DebugBundle] Reword an outdated comment about var dumper wiring
[DI] Fix some docblocks
Ignore memcached missing key error on dession destroy
Github template: Remove EOM 3.2 from branch suggestion
[Security] Fix security.interactive_login event const doc block
Avoid infinite loops when profiler data is malformed
[Bridge\ProxyManager] Dont call __destruct() on non-instantiated services
Docblock improvement
bumped Symfony version to 2.8.27
updated VERSION for 2.8.26
updated CHANGELOG for 2.8.26
bumped Symfony version to 2.7.34
updated VERSION for 2.7.33
update CONTRIBUTORS for 2.7.33
updated CHANGELOG for 2.7.33
[HttpFoundation] Generate safe fallback filename for wrongly encoded filename
This PR was squashed before being merged into the 3.4 branch (closes#23801).
Discussion
----------
Continuation of #23624
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
See https://github.com/symfony/symfony/pull/23624#discussion_r131539736
cc @chalasr
Also included service injection for init:acl + set:acl and simplification of lint:xliff + lintt:yaml.
Btw, i think init:acl needs to be renamed to acl:init :)
Commits
-------
5f637c1 Continuation of #23624
This PR was squashed before being merged into the 3.4 branch (closes#23624).
Discussion
----------
[FrameworkBundle] Commands as a service
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes/no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Next step towards #23488
It's a work in progress if we want to do all commands at once (im fine :)). But i think we should review `assets:install` first.
Also im assuming framework commands can rely on `getApplication()->getKernel()` from the framework application (we already do that in some commands). That saves a dep on `@kernel`.
And filesystem as a service; perhaps drop that as well :)
Commits
-------
de1dc0b [FrameworkBundle] Commands as a service
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle][Workflow] better errors when security deps are missing
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23499#discussion_r128752026
| License | MIT
| Doc PR |
All the referenced services must either be explicitly configured or the SecurityBundle must be installed with some security related config being enabled. Otherwise, you will end up with a not so useful error message.
Commits
-------
56ee4aa better errors when security deps are missing
This PR was merged into the 3.4 branch.
Discussion
----------
Consistently use 7 chars of sha256 for hash-based id generation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This prevents generating over long service ids, and for filesystem-related changes, makes the Windows 258 chars limit farther.
Commits
-------
bc22cdd034 Consistently use 7 chars of sha256 for hash-based id generation
* 3.3:
Removed useless argument $definition
Fix comment
[Config] Fix checking class existence freshness
bumped Symfony version to 3.3.7
updated VERSION for 3.3.6
updated CHANGELOG for 3.3.6
Bump minimal PHP version to ^5.5.9|>=7.0.8
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle] Fix comment
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets |
| License | MIT
| Doc PR |
Actually, DataUriNormalizer runs before the serializer.normalizer.object since it has a higher priority (-920 vs -1000).
Commits
-------
103b23e Fix comment
* 3.3:
[DI] Remove unused props from the PhpDumper
[VarDumper] Keep and reuse array stubs in memory
[ProxyManager] Cleanup fixtures
[Console][WebServerBundle] Use "exec" when possible
[Debug] HTML-escape array key
Add some phpdocs for IDE autocompletion and better SCA
Fixed typo in docblock
* 3.3:
[DI] use assertStringEqualsFile when possible
[VarDumper] Adapt to php 7.2 changes
[DI] Fix using private services in expressions
[Form][TwigBridge] Don't render _method in form_rest() for a child form
[Form] Static call TimezoneType::getTimezones
Removed references for non existent validator constraints
Suggest using quotes instead of Yaml::PARSE_KEYS_AS_STRINGS
[DI] Fix test
[Cache] Handle unserialization failures for Memcached
Remove unused prop + added @deprecated
Remove unused mocks/vars
[DoctrineBridge][PropertyInfo] Added support for Doctrine Embeddables
[Validator] Fix IbanValidator for ukrainian IBANs
Router: allow HEAD method to be defined first
[WebProfilerBundle] Display trace and context in the logger profiler
Fixing a bug where if a core class was autowired, autowiring tried to autowire optional args as if they were required
* 3.2:
[DI] use assertStringEqualsFile when possible
[VarDumper] Adapt to php 7.2 changes
[DI] Fix using private services in expressions
[Form][TwigBridge] Don't render _method in form_rest() for a child form
[Form] Static call TimezoneType::getTimezones
Removed references for non existent validator constraints
Remove unused mocks/vars
[DoctrineBridge][PropertyInfo] Added support for Doctrine Embeddables
[Validator] Fix IbanValidator for ukrainian IBANs
This PR was merged into the 3.3 branch.
Discussion
----------
[WebProfilerBundle] Display trace and context in the logger profiler
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Right now the behavior is not perfect. It can display only the trace **or** the context.
Some time, we want both.
More over, using `{{ profiler_dump_log(log.message, trace) }}` is wrong
Commits
-------
ef1e50802e [WebProfilerBundle] Display trace and context in the logger profiler
This PR was merged into the 4.0-dev branch.
Discussion
----------
[Console] Make SymfonyQuestionHelper::ask optional by default
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes (nothing in core depends on it)
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
i noticed when writing commands i always keep doing
```php
$io = new SymfonyStyle($input, $output);
$answer = $io->ask('...', null, function ($value) { return $value; });
// instead of just
$answer = $io->ask('...');
```
only to bypass a built-in validation, of which im not sure why it's there. Note the base question helper doesnt make this assumption...
Commits
-------
2da429cd0a [Console] Make SymfonyQuestionHelper::ask optional by default
This PR was squashed before being merged into the 3.4 branch (closes#23519).
Discussion
----------
[TwigBundle] Commands as a service
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
tiny step towards #23488
Commits
-------
98391402d1 [TwigBundle] Commands as a service
* 3.3:
use Precise on Travis to keep PHP LDAP support
Fix case sensitive sameSite cookie
[PropertyInfo] Use rawurlencode to escape PSR-6 keys
fix(security): ensure the 'route' index is set before attempting to use it
Fix the design of the profiler exceptions when there is no message
[Config] Minor fix
[WebProfilerBundle] Fix full sized dump hovering in toolbar
* 3.2:
use Precise on Travis to keep PHP LDAP support
Fix case sensitive sameSite cookie
[PropertyInfo] Use rawurlencode to escape PSR-6 keys
fix(security): ensure the 'route' index is set before attempting to use it
[WebProfilerBundle] Fix full sized dump hovering in toolbar
* 2.8:
use Precise on Travis to keep PHP LDAP support
fix(security): ensure the 'route' index is set before attempting to use it
[WebProfilerBundle] Fix full sized dump hovering in toolbar
- added `Symfony\Component\Cache\PruneableInterface` so PSR-6 or PSR-16 cache implementations can declare support
for manual stale cache pruning
- added FilesystemTrait::prune() and PhpFilesTrait::prune() implementations
- now FilesystemAdapter, PhpFilesAdapter, FilesystemCache, and PhpFilesCache implement PruneableInterface and
supports manual stale cache pruning
- Added `cache:pool:prune` command via `Symfony\Bundle\FrameworkBundle\Command\CachePoolPruneCommand` to allow
manual stale cache item pruning of supported PSR-6 and PSR-16 cache pool implementations
- Added `Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\CachePoolPrunerPass` compiler pass to fetch
all cache pools implementing `PruneableInterface` and pass them to the command as an `IteratorArgument` so
these references are lazy loaded by the command
- updated changelogs as appropriate
This PR was merged into the 2.8 branch.
Discussion
----------
[WebProfilerBundle] Fix full sized dump hovering in toolbar
| Q | A
| ------------- | ---
| Branch? | 2.8 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #23563 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Since #22953, the dump block shown on hovering the toolbar item takes the full width. But at least on OS X chrome, safari and firefox, the behavior is buggy and makes it unusable as the cursor can't reach the dumped content:
Honestly, I don't really understand the issue here and tried some tweaks until it works everywhere, (including trying to add a `.no-resize` class on `sf-toolbar-info` to avoid executing the related js event listener in case it was conflicting).
As shown in the screenshot, it also fixes the case where the dump wasn't full width under a certain size.
Commits
-------
28930c5 [WebProfilerBundle] Fix full sized dump hovering in toolbar
* 3.3:
[Security] added more tests
[Security] fixed default target path when referer contains a query string
[Security] simplified tests
[Security] refactored tests
[WebProfilerBundle][TwigBundle] Fix infinite js loop on exception pages
[FrameworkBundle] fix ValidatorCacheWarmer: use serializing ArrayAdapter
Change "this" to "that" to avoid confusion
[VarDumper] Move locale sniffing to dump() time
[VarDumper] Use "C" locale when using "comma" flags
[Config] Make ClassExistenceResource throw on invalid parents
This PR was merged into the 3.4 branch.
Discussion
----------
[DebugBundle] Added min_depth to Configuration
This enables calling the recently-added `setMinDepth` function on `VarCloner`.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | symfony/symfony-docs#8185
Commits
-------
30cd70d [DebugBundle] Added min_depth to Configuration
* 3.3:
[FrameworkBundle] Set default public directory on install assets
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
disable inlining deprecated services
[Cache] add constructor docblocks for clarity
[WebServerBundle] allowed public/ root directory to be auto-discovered along side web/
[WebServerBundle] remove duplicate code
[SecurityBundle] Clarify deprecation in UserPasswordEncoderCommand::getContainer
[Cache] add constructor docblocks for clarity
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
This PR was squashed before being merged into the 3.3 branch (closes#23513).
Discussion
----------
[FrameworkBundle] Set default public directory on install assets
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
After https://github.com/symfony/flex/pull/122 and https://github.com/symfony/recipes/pull/106 the default directory to install assets is `public`.
Commits
-------
1bdfe0b39b [FrameworkBundle] Set default public directory on install assets
This PR was squashed before being merged into the 3.3 branch (closes#23535).
Discussion
----------
Make server:* commands work out of the box with the public/ root dir
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The first commit removes code that is not needed as the WebserverConfig class already throws the exact same error and the display is exactly the same in that case.
The second commit adds support for `public/` along side `web/`.
Commits
-------
34c8566be1 [WebServerBundle] allowed public/ root directory to be auto-discovered along side web/
bc6b57c208 [WebServerBundle] remove duplicate code
* 3.3:
[Profiler] Fix data collector getCasters() call
remove symfony/process suggestion
[DI] Remove unused dynamic property
[Process] Fixed issue between process builder and exec
non-conflicting anonymous service ids across files
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Add support for command lazy-loading
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/12063https://github.com/symfony/symfony/pull/16438https://github.com/symfony/symfony/pull/13946#21781
| License | MIT
| Doc PR | todo
This PR adds command lazy-loading support to the console, based on PSR-11 and DI tags.
(https://github.com/symfony/symfony/issues/12063#issuecomment-57173784)
Commands registered as services which set the `command` attribute on their `console.command` tag are now instantiated when calling `Application::get()` instead of all instantiated at `run()`.
__Usage__
```yaml
app.command.heavy:
tags:
- { name: console.command, command: app:heavy }
```
This way private command services can be inlined (no public aliases, remain really private).
With console+PSR11 implem only:
```php
$application = new Application();
$container = new ServiceLocator(['heavy' => function () { return new Heavy(); }]);
$application->setCommandLoader(new ContainerCommandLoader($container, ['app:heavy' => 'heavy']);
```
Implementation is widely inspired from Twig runtime loaders (without the definition/runtime separation which is not needed here).
Commits
-------
7f97519 Add support for command lazy-loading
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] make it possible to configure a custom access decision manager service
| Q | A |
| --- | --- |
| Branch? | 3.4 |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #942, #14049, #15295, #16828, #16843, |
| License | MIT |
| Doc PR | TODO |
These changes will make it possible to let users define their own voting strategies without the need for custom compiler passes that replace the built-in `AccessDecisionManager` (see linked issues in the PR table for some use cases).
Commits
-------
e0913a2 add option to define the access decision manager
* 3.3:
Don't display the Symfony debug toolbar when printing the page
do not wire namespaces for the ArrayAdapter
check _controller attribute is a string before parsing it
[Cache] Added test for ApcuAdapter when using in CLI
allow to configure custom formats in XML configs
[HttpKernel] fix DumpDataCollector tests
[FrameworkBundle] fix changelog
[WebProfilerBundle] Cleanup profiler leftover
[DotEnv] Fix variable substitution
require the XML PHP extension
Fix phpdoc for serializer normalizers exceptions
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.8.25
updated VERSION for 2.8.24
updated CHANGELOG for 2.8.24
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
* 3.2:
Don't display the Symfony debug toolbar when printing the page
do not wire namespaces for the ArrayAdapter
[Cache] Added test for ApcuAdapter when using in CLI
allow to configure custom formats in XML configs
[HttpKernel] fix DumpDataCollector tests
[FrameworkBundle] fix changelog
[WebProfilerBundle] Cleanup profiler leftover
require the XML PHP extension
Fix phpdoc for serializer normalizers exceptions
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.8.25
updated VERSION for 2.8.24
updated CHANGELOG for 2.8.24
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
* 2.8:
Don't display the Symfony debug toolbar when printing the page
allow to configure custom formats in XML configs
require the XML PHP extension
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.8.25
updated VERSION for 2.8.24
updated CHANGELOG for 2.8.24
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
* 2.7:
allow to configure custom formats in XML configs
require the XML PHP extension
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
The `framework.serializer.cache` option was also deprecated in Symfony
3.1. This was documented in the upgrade file, but was not reflected in
the bundle's changelog.
* 3.3: (33 commits)
Preserve HttpOnly value when deserializing a header
[DX] [TwigBundle] Enhance the new exception page design
Fix deprecated message
[DI][Security] Prevent unwanted deprecation notices when using Expression Languages
bumped Symfony version to 3.3.5
updated VERSION for 3.3.4
updated CHANGELOG for 3.3.4
[VarDumper] Reduce size of serialized Data objects
bumped Symfony version to 3.2.12
updated VERSION for 3.2.11
updated CHANGELOG for 3.2.11
fixed bad merge
Fix indent of methods
[Cache] Handle APCu failures gracefully
[DoctrineBridge] Use normalizedIds for resetting entity manager services
[FrameworkBundle] Do not remove files from assets dir
[FrameworkBundle] 3.3: Don't get() private services from debug:router
bumped Symfony version to 3.3.4
updated VERSION for 3.3.3
updated CHANGELOG for 3.3.3
...
This PR was squashed before being merged into the 3.3 branch (closes#22439).
Discussion
----------
[DX] [TwigBundle] Enhance the new exception page design
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
- [x] Fix the problem with wrapping wide lines (https://github.com/symfony/symfony/pull/20951#issuecomment-292201983)
I got motivated by recent PR https://github.com/symfony/symfony/pull/20951 and redesigned the exception page even more.
Compare before: 
with after: 
(Ignore the the "sf" toolbar icon in the middle of the page. This is how Firefox does full-page screenshots.)
The most noticeable changes:
- removed double line spacing (it just does not feel natural)
- file context increased from 3 to 10 lines (it helps me to better orientate in the code)
- added horizontal scrollbar for the cases when the code is wider
- the highlighted line color is more saturated in order to be noticed easily
Commits
-------
43212b9a90 [DX] [TwigBundle] Enhance the new exception page design
* 3.2:
fixed bad merge
[Cache] Handle APCu failures gracefully
[FrameworkBundle] Do not remove files from assets dir
bumped Symfony version to 3.2.11
updated VERSION for 3.2.10
updated CHANGELOG for 3.2.10
bumped Symfony version to 2.8.24
updated VERSION for 2.8.23
updated CHANGELOG for 2.8.23
bumped Symfony version to 2.7.31
updated VERSION for 2.7.30
update CONTRIBUTORS for 2.7.30
updated CHANGELOG for 2.7.30
* 2.8:
[FrameworkBundle] Do not remove files from assets dir
bumped Symfony version to 2.8.24
updated VERSION for 2.8.23
updated CHANGELOG for 2.8.23
bumped Symfony version to 2.7.31
updated VERSION for 2.7.30
update CONTRIBUTORS for 2.7.30
updated CHANGELOG for 2.7.30
* 2.7:
[FrameworkBundle] Do not remove files from assets dir
bumped Symfony version to 2.7.31
updated VERSION for 2.7.30
update CONTRIBUTORS for 2.7.30
updated CHANGELOG for 2.7.30
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle] call setContainer() for autowired controllers
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23200, FriendsOfSymfony/FOSRestBundle#1719
| License | MIT
| Doc PR |
Previously, you either did not use controllers as services or you explicitly wired everything yourself. In case of a non-service controller the FrameworkBundle took care of calling `setContainer()` inside the `instantiateController()` method:
```php
protected function instantiateController($class)
{
$controller = parent::instantiateController($class);
if ($controller instanceof ContainerAwareInterface) {
$controller->setContainer($this->container);
}
if ($controller instanceof AbstractController && null !== $previousContainer = $controller->setContainer($this->container)) {
$controller->setContainer($previousContainer);
}
return $controller;
}
```
With the new autowired controllers as services this is no longer happening as controllers do not need to be instantiated anymore (the container already returns fully built objects).
Commits
-------
1d07a28 call setContainer() for autowired controllers
This PR was merged into the 3.4 branch.
Discussion
----------
Change wording from object to subject
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| License | MIT
The authorization checker has been changed to support any value
recently. The naming should reflect that to avoid confusion.
Refs https://github.com/sonata-project/SonataAdminBundle/issues/4518
Commits
-------
d261894c6e Change wording from object to subject
* 3.3:
Misspelled word
Display a better error design when the toolbar cannot be displayed
do not validate empty values
[Cache] fix cleanup of expired items for PdoAdapter
[Dotenv] clean up before running assertions
[Console] fix description of INF default values
parse escaped quotes in unquoted env var values
[PropertyAccess] Fix TypeError discard
[Validator] Throw exception on Comparison constraints null options
[FrameworkBundle] Display a proper warning on cache:clear without the --no-warmup option
[Security] Fix Firewall ExceptionListener priority
Identify tty tests in Component/Process
[Workflow] Added more events to the announce function
[Validator] Remove property path suggestion for using the Expression validator
[WebProfilerBundle] Fix css trick used for offsetting html anchor from fixed header
[Security] Fix annotation
* 3.2:
Misspelled word
Display a better error design when the toolbar cannot be displayed
do not validate empty values
[Cache] fix cleanup of expired items for PdoAdapter
[Console] fix description of INF default values
[PropertyAccess] Fix TypeError discard
[Validator] Throw exception on Comparison constraints null options
Identify tty tests in Component/Process
[Workflow] Added more events to the announce function
[Validator] Remove property path suggestion for using the Expression validator
[WebProfilerBundle] Fix css trick used for offsetting html anchor from fixed header
[Security] Fix annotation
* 2.8:
Misspelled word
Display a better error design when the toolbar cannot be displayed
do not validate empty values
[Console] fix description of INF default values
[PropertyAccess] Fix TypeError discard
[Validator] Throw exception on Comparison constraints null options
Identify tty tests in Component/Process
[Security] Fix annotation
* 2.7:
Misspelled word
Display a better error design when the toolbar cannot be displayed
do not validate empty values
[Console] fix description of INF default values
[PropertyAccess] Fix TypeError discard
[Validator] Throw exception on Comparison constraints null options
Identify tty tests in Component/Process
[Security] Fix annotation
This PR was squashed before being merged into the 2.7 branch (closes#23274).
Discussion
----------
Display a better error design when the toolbar cannot be displayed
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes (failure unrelated)
| Fixed tickets | https://github.com/symfony/symfony/pull/23266
| License | MIT
| Doc PR | n/a
Fixing the left position of the bar (tested in app without style) and escaping the literal newline (ES5) as some IDEs fails with previous syntax (and Github diff too). Btw, I have added the Symfony icon to make clear that this message comes from Symfony ;)
**Before:**
**After:**
Commits
-------
ed3e403b4b Display a better error design when the toolbar cannot be displayed
This PR was merged into the 3.4 branch.
Discussion
----------
[WebServer] Allow * to bind all interfaces (as INADDR_ANY)
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no-tests
| Fixed tickets | ~
| License | MIT
| Doc PR |
In Python and elsewhere, binding to '*' means '0.0.0.0' (INADDR_ANY). I just added that to WebServer command.
Commits
-------
1880bcfde2 fixed CS
b31ebae4cb Allow * to bind all interfaces (as INADDR_ANY)
* 3.3:
fixed tests
swiftmailer bridge is gone
respect the API in FirewallContext map
[TwigBundle] add back exception check
Dont call count on non countable object
Fix undefined variable $filesystem
* 3.2:
fixed tests
swiftmailer bridge is gone
[TwigBundle] add back exception check
Dont call count on non countable object
Fix undefined variable $filesystem
* 3.3: (64 commits)
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
Add Doctrine Cache to dev dependencies to fix failing unit tests.
return fallback locales whenever possible
Fix Predis client cluster with pipeline
[Dotenv] Test load() with multiple paths
[Console] Fix catching exception type in QuestionHelper
Improved the exception page when there is no message
[WebProfilerBundle] Eliminate line wrap on count columnt (routing)
[Validator] replace hardcoded service id
[Routing] Fix XmlFileLoader exception message
[DI] Dedup tags when using instanceof/autoconfigure
[Translation] Fix FileLoader::loadResource() php doc
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
fixed CS
[WebProfilerBundle] Fix the icon for the Cache panel
[WebServerBundle] Fix router script path and check existence
...
* 3.2: (42 commits)
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
Add Doctrine Cache to dev dependencies to fix failing unit tests.
return fallback locales whenever possible
[Console] Fix catching exception type in QuestionHelper
[WebProfilerBundle] Eliminate line wrap on count columnt (routing)
[Routing] Fix XmlFileLoader exception message
[Translation] Fix FileLoader::loadResource() php doc
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
Reset redirectCount when throwing exception
[TwigBundle] Remove template.xml services when templating is disabled
add content-type header on exception response
Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
fixed bad merge
Fix two edge cases in ResponseCacheStrategy
[Routing] Expose request in route conditions, if needed and possible
[Routing] Expose request in route conditions, if needed and possible
...
* 2.8: (40 commits)
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
return fallback locales whenever possible
[Console] Fix catching exception type in QuestionHelper
[WebProfilerBundle] Eliminate line wrap on count columnt (routing)
[Routing] Fix XmlFileLoader exception message
[Translation] Fix FileLoader::loadResource() php doc
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
Reset redirectCount when throwing exception
[TwigBundle] Remove template.xml services when templating is disabled
add content-type header on exception response
Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
Fix two edge cases in ResponseCacheStrategy
[Routing] Expose request in route conditions, if needed and possible
[Routing] Expose request in route conditions, if needed and possible
[Translation][FrameworkBundle] Fix resource loading order inconsistency reported in #23034
[Filesystem] added workaround in Filesystem::rename for PHP bug
...
* 2.7:
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
return fallback locales whenever possible
This PR was merged into the 2.7 branch.
Discussion
----------
Display a better error message when the toolbar cannot be displayed
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23264
| License | MIT
| Doc PR | -
In action:
Commits
-------
cc7275bccc Display a better error message when the toolbar cannot be displayed
* 2.7:
[Routing] Fix XmlFileLoader exception message
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
Reset redirectCount when throwing exception
[TwigBundle] Remove template.xml services when templating is disabled
add content-type header on exception response
Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
Fix two edge cases in ResponseCacheStrategy
[Routing] Expose request in route conditions, if needed and possible
[Routing] Expose request in route conditions, if needed and possible
[Translation][FrameworkBundle] Fix resource loading order inconsistency reported in #23034
[Filesystem] added workaround in Filesystem::rename for PHP bug
Add tests for ResponseCacheStrategy to document some more edge cases
[HttpFoundation] added missing docs
fixes#21606
[VarDumper] fixes
[Security] fix switch user _exit without having current token
This PR was squashed before being merged into the 2.7 branch (closes#23195).
Discussion
----------
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | no
| Fixed tickets | #23177
| License | MIT
This PR fix#23177
when running an assets:install, it will remove directorys who do not have anymore a valid Bundle
Commits
-------
180f178f43 [FrameworkBundle] [Command] Clean bundle directory, fixes#23177
This PR was squashed before being merged into the 3.3 branch (closes#23160).
Discussion
----------
[WebProfilerBundle] Fix the icon for the Cache panel
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23159
| License | MIT
| Doc PR | -
Commits
-------
50c1d478ce [WebProfilerBundle] Fix the icon for the Cache panel
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBundle] Add Content-Type header for exception response
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This PR comes after I was looking to customize the way exceptions are served for a JSON API (grabbed the info at http://symfony.com/doc/current/controller/error_pages.html#overriding-the-default-exceptioncontroller).
I noticed that even when changing the request format to 'json' so that the right json.twig template is served:
```php
// in my override of the ExceptionController
public function showAction(Request $request, FlattenException $exception, DebugLoggerInterface $logger = null)
{
$request->setRequestFormat('json');
return parent::showAction($request, $exception, $logger);
}
```
the response Content-Type header was still 'text/html'.
By now, the response Content-Type should be corresponding to the given request format.
I also feel there's some room for improvement with the general "displaying error for a JSON API" chapter as it feels strange that there's no configuration option to just say "serve me anything as json", but that's another issue.
Commits
-------
9e2b408f25 add content-type header on exception response
This PR was merged into the 3.3 branch.
Discussion
----------
[WebServerBundle] Fix router script option BC
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23206
| License | MIT
| Doc PR | -
Server commands does not work with router script given by a relative path eg.:
```
bin/console server:run -r router.php
```
but, this was working before and was removed (by accident I guess) in https://github.com/symfony/symfony/pull/21039/files#diff-b915f83f99a4166eb34eab581a92501bL187
Commits
-------
aeab2fe1f7 [WebServerBundle] Fix router script path and check existence
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle] Expose the AbstractController's container to its subclasses
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This is useful if an application provides their own base Controller that
references items in the container. It also makes it simpler for that
base controller to add additional optional dependencies by only overriding
getSubscribedServices instead of having to reimplement setContainer and
use ControllerTrait.
Commits
-------
ee17131fca Expose the AbstractController's container to its subclasses
This PR was squashed before being merged into the 3.4 branch (closes#22629).
Discussion
----------
[Security] Trigger a deprecation when a voter is missing the VoterInterface
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Right now it's possible to add voters to the access decision manager that do not have a `VoterInterface`.
- No Interface, no `vote()` method, and it will give a PHP error.
- No Interface, but `vote()` method, it will still work.
- If I don't implement the interface _and_ have no `vote()` method, I will get weird exception that's not meaningful: `Attempted to call an undefined method named "vote" of class "App\Voter\MyVoter".`
This PR will deprecate the ability to use voters without the interface, it will also throw a proper exception when missing the interface _and_ the `vote()` method. Why when using and not when setting? Due to the fact that the voters can be set lazily via the `IteratorArgument`. The SecurityBundle will trigger a deprecation if the interface is not implemented and an exception if there's not even a `vote()` method present (to prevent exceptions at run-time).
This should have full backwards compatibility with 3.3, but give more meaningful errors. The only behavioral difference, might be that the container will throw an exception instead of maybe succeeding in voting when 1 voter would be broken at the end of the list (based on strategy). This case however, will be detected during development and deployment, rather than run-time.
Commits
-------
9c253e1ff6 [Security] Trigger a deprecation when a voter is missing the VoterInterface
Useful if an application provides their own base Controller that
references items in the container. It also makes it simpler for that
base controller to add additional optional dependencies by only overriding
getSubscribedServices instead of having to reimplement setContainer and
use ControllerTrait.
* 3.2:
[SecurityBundle] Move cache of the firewall context into the request parameters
Fix Usage with anonymous classes
[Workflow] Added more keywords in the composer.json
[Cache] APCu isSupported() should return true when apc.enable_cli=Off
[PropertyAccess] Do not silence TypeErrors from client code.
