This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Use config variable in AnonymousFactory
| Q | A
| ------------- | ---
| Branch? | 4.4 and 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
It looks like the `AnonymousFactory` was copied incorrectly in https://github.com/symfony/symfony/pull/33503 as it uses the old `$firewall` variable available in `SecurityExtension.php`. Changing this to `$config` yields the desired results
Commits
-------
8d850d2da4 When set, get secret from config variable
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Set the parameter bag as resolved in ContainerLintCommand
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/34526, Closes#34767
| License | MIT
| Doc PR | -
Alternative to https://github.com/symfony/symfony/pull/34767, idea by @nicolas-grekas.
Commits
-------
e8d3c2b969 [FrameworkBundle] Set the parameter bag as resolved in ContainerLintCommand
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Core] Fix checking for SHA256/SHA512 passwords
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
The code to validate bcrypt passwords (#31763) needs to include SHA256 and SHA512-hashed passwords. These are used on RedHat (and derived) systems.
Since SHA256/512 don't appear to have a limit of 72 characters, I simply created a new if() block.
-->
Commits
-------
799c85b67c [Security/Core] Fix checking for SHA256/SHA512 passwords
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection][Xml] Fix the attribute 'tag' is not allowed in 'bind' tag
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | N/A <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs/pull/12741 <!-- required for new features -->
Add test case for https://symfony.com/blog/new-in-symfony-4-4-dependency-injection-improvements-part-1#allow-binding-tagged-services and fix a bug with attribute 'tag' is not allowed
Commits
-------
e38f7d41ef [DependencyInjection][Xml] Fix the attribute 'tag' is not allowed in 'bind' tag
* 4.3:
[Messenger] add tests to FailedMessagesShowCommand
Fix the translation commands when a template contains a syntax error
[Security] Fix clearing remember-me cookie after deauthentication
[Validator] Update Slovenian translations
[Config][ReflectionClassResource] Handle parameters with undefined constant as their default values
fix dumping number-like string parameters
Fix CI
[Console] Fix autocomplete multibyte input support
[Config] don't break on virtual stack frames in ClassExistenceResource
more robust initialization from request
This PR was merged into the 3.4 branch.
Discussion
----------
more robust initialization from request
Request::getPort is declared as int|string but can actually return null.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I discovered this problem with a functional test where i dispatch the RequestEvent with a `new Request()`. This used to work in symfony 4 and now triggers an error `Argument 1 passed to Symfony\Component\Routing\RequestContext::setHttpPort() must be of the type int, null given`
In regular web requests, this should probably never happen, but it seems to me if Request is not robust, the RequestContext should be robust about it.
Commits
-------
c6ed0f0208 more robust initialization from request
This PR was merged into the 4.4 branch.
Discussion
----------
[TwigBundle] remove service when base class is missing
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
c3a658ac0f remove service when base class is missing
This PR was merged into the 4.4 branch.
Discussion
----------
[DoctrineBridge] do not depend on the QueryBuilder from the ORM
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34581
| License | MIT
| Doc PR |
Commits
-------
6958d77f0c do not depend on the QueryBuilder from the ORM
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Http] call auth listeners/guards eagerly when they "support" the request
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34614, Fix#34679
| License | MIT
| Doc PR | -
This fixes the form authenticator linked to #34614.
Since laziness is here to provide compatibility with HTTP caching, it should be disabled when the request cannot be cached.
Tests don't pass yet, but I'm on the path to something here.
The PR now introduces a new `AbstractListener` that splits the handling logic in two:
- `supports(Request): ?bool` is always called eagerly and tells whether the listener matches the request for an earger call or a lazy call
- `authenticate(RequestEvent)` does the rest of the job when `supports()` allows so - lazily or not depending on the return value of `supports()`.
Of course, this remains compatible with non-lazy logics, see `AbstractListener::__invoke()`.
Commits
-------
b20ebe6b90 [Security/Http] call auth listeners/guards eagerly when they "support" the request
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Fix clearing remember-me cookie after deauthentication
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#26379
| License | MIT
| Doc PR | -
If you are using the `remember_me` listener and the refreshed user is deauthenticated, you are still logged in because the remember-me cookie does not get cleared.
This fixes it.
Commits
-------
d625a73705 [Security] Fix clearing remember-me cookie after deauthentication
This PR was merged into the 3.4 branch.
Discussion
----------
Fix the translation commands when a template contains a syntax error
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#34586
| License | MIT
| Doc PR | n/a
When using `debug:translation` or `translation:update`, we should catch exceptions to avoid breaking the command. It was not really an issue before Symfony 4.4/5 as we didn't have templates in the core that use features from optional dependencies.
Commits
-------
7f803bc674 Fix the translation commands when a template contains a syntax error
This PR was merged into the 4.4 branch.
Discussion
----------
[Mime] Fixing multidimensional array structure with FormDataPart
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33063#34031
| License | MIT
| Doc PR | -
The issue is pretty much described on #34031
The current structure of the raw body build on FormDataPart is not well recognized by the server. It considers all the fields as a root type, when actually it is possible to send arrays by html forms.
Lets the following structure on the html
```html
<input type="text" name="names[]" value="John" />
<input type="text" name="names[]" value="Doe" />
```
It creates the following raw body:
```
----------------------------466490401959219490193856
Content-Disposition: form-data; name="names[]"
John
----------------------------466490401959219490193856
Content-Disposition: form-data; name="names[]"
Doe
----------------------------466490401959219490193856--
```
Meanwhile, the FormDataPart on Mime component generates the following body:
```
--_=_symfony_1571410799_b7846b3b4e86d821cdec4379e62b4068_=_
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Disposition: form-data
John
--_=_symfony_1571410799_b7846b3b4e86d821cdec4379e62b4068_=_
Content-Type: text/plain; charset=utf-8; name=1
Content-Transfer-Encoding: 8bit
Content-Disposition: form-data; name=1
Doe
--_=_symfony_1571410799_b7846b3b4e86d821cdec4379e62b4068_=_--
```
For more complex structures, the $_POST doesn't even recognize properly the field names and values.
Commits
-------
ca630e5351 Changing the multipart form-data behavior to use the form name as an array, which makes it recognizable as an array by PHP on the $_POST globals once it is coming from the HttpClient component
This PR was squashed before being merged into the 4.3 branch (closes#34641).
Discussion
----------
[Messenger] add tests to FailedMessagesShowCommand
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Add missing tests to FailedMessagesShowCommand in Messenger component
Commits
-------
4b9b93f5d6 [Messenger] add tests to FailedMessagesShowCommand
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Update Slovenian translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#30186
| License | MIT
| Doc PR | N/A
Hello, this fixes the https://github.com/symfony/symfony/issues/30186
Commits
-------
b2ae60a73b [Validator] Update Slovenian translations