This PR was merged into the 4.4 branch.
Discussion
----------
[Ldap] Add comment about bind with empty password
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | /
| License | MIT
| Doc PR | /
When LDAP server allows unauthenticated binds, calling the method `bind` with a blank password will return a positive response.
This is not an issue when using High Level classes of Symfony, because this case is handled in `LdapBindAuthenticationProvider` and `CheckLdapCredentialsListener`.
And passing a blank password could be a valid use case for the low level class `Connection`.
This PR adds a comment on the parameter `$password` to let people Know about this
Commits
-------
63a8570a42 Add a warning comment on ldap empty password
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Cache] give control over cache prefix seed
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
Reopened#35723 for master.
The configurable cache prefix seed does not give full control over the cache prefix because the container class is added to the prefix in any case. This is a problem because the container class contains the app env name. We use different app environments for different deployment targets (dev and test). We want dev and test to use the same redis cache. But this is impossible to achieve because even setting the cache prefix seed does not accomplish this.
Commits
-------
6681b92524 [Cache] give control over cache prefix seed
* 5.1:
Revert "Swallow errors"
Swallow errors
Allow Drupal to wrap the Symfony test listener
Bump Symfony version to 5.1.6
Update VERSION for 5.1.5
Update CHANGELOG for 5.1.5
This PR was merged into the 5.1 branch.
Discussion
----------
Allow Drupal to wrap the Symfony test listener (5.1 backport)
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | kinda
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
This is a backport of #37708
Commits
-------
244e8d2408 Revert "Swallow errors"
ee8cc2666b Swallow errors
f9bfe7fd79 Allow Drupal to wrap the Symfony test listener
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Security] Configurable execution order for firewall listeners
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR | n/a
Hello there, I'm the author of `scheb/two-factor-bundle`, which extends Symfony's security layer with two-factor authentication. I've been closely following the recent changes by @wouterj to rework the security layer with "authenticators" (great work!). While I managed to make my bundle work with authenticators, I see some limitations in the security layer that I'd like to address to make such extensions easier to implement.
In #37336 I've submitted a draft to let security factories add their own authentication listeners to the firewall. This PR is intended to address the issue of execution order. If you look at the `Firewall` class
f64f59a9c0/src/Symfony/Component/Security/Http/Firewall.php (L62-L82)
authentication listeners are executed in the order of their creation. Additionally, there's hardcoded logic to execute `Symfony\Component\Security\Http\Firewall\AccessListener` always last and the logout listener second to last. I'd like to have a more flexible approach, to remove the hardcoded order and give authentication listeners the ability to determine their execution order.
I've added an optional interface to provide a priority to sort all registered authenitication listeners. Sorting is done in a compiler pass, so no time is wasted at runtime.
This is a draft, so I'd like to hear your opinion on this :)
Commits
-------
91388e871b Add ability to prioritize firewall listeners
This PR was merged into the 5.2-dev branch.
Discussion
----------
Remove unnecessary silence operator
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
A gobble-all-errors handler was added around the unserialize() call making the @ operator unnecessary.
Commits
-------
03201f0d23 No longer need to silence errors as we're catching them all
The configurable cache prefix seed does not give full control over the cache prefix because the container class is added to the prefix in any case. This is a problem because the container class contains the app env name. We use different app environments for different deployment targets (dev and test). Dev and test should use the same redis cache. But this is impossible to achieve because even setting the cache prefix seed does not accomplish this.
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Fix undefined index for inconsistent command name definition
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fixes#38015
| License | MIT
| Doc PR | -
The issue happens when the command name is set via construct/setName() and is routed via a command loader under a different name, which causes `Application::get(): Command` to return null (return type violation) with a notice. This makes it throws a proper CommandNotFoundException as expected.
Commits
-------
d59140e857 Fix undefined index for inconsistent command name definition
This PR was submitted for the 3.4 branch but it was squashed and merged into the 5.2-dev branch instead.
Discussion
----------
[Serializer] fix denormalization of basic property-types in XML and CSV
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33849
| License | MIT
| Doc PR |
Like I explained in the Issue, the serializer cannot de-serialize non-string basic properties (int, float, bool). This PR add's some logic to cast to the expected types.
Similar logic is already present in the [XmlUtils](https://github.com/symfony/symfony/blob/4.4/src/Symfony/Component/Config/Util/XmlUtils.php#L215)-Class of the Config-Component
Commits
-------
3824dafffb [Serializer] fix denormalization of basic property-types in XML and CSV
This PR was merged into the 5.2-dev branch.
Discussion
----------
[PHPUnitBridge] deprecations not disabled anymore when disabled=0
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? |
| Tickets |
| License | MIT
| Doc PR |
According to the [docs](https://symfony.com/doc/current/components/phpunit_bridge.html#disabling-the-deprecation-helper), `disabled=1` turns off deprecations mode on phpunit-bridge. It's not totally true since deprecations are disabled as soon as `disabled` key is present in `SYMFONY_DEPRECATIONS_HELPER`. So if `disabled=0` deprecations are still disabled.
Instead of updating the doc, this PR suggest to make `disabled` behavior consistent with `verbose` behavior, so:
- `disabled` => deprecations disabled
- `disabled=0` => deprecations enabled
- `disabled=1` => deprecations disabled
Commits
-------
6908e3d156 [PHPUnitBridge] deprecations not enabled anymore when disabled=0
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Form] dispatch submit events for disabled forms too
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27217
| License | MIT
| Doc PR |
TODO:
- [ ] add a test case covering the validation use case
Commits
-------
6da42ae2d1 dispatch submit events for disabled forms too
This PR was merged into the 5.1 branch.
Discussion
----------
stop using the deprecated at() PHPUnit matcher
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
e36e73b9cf stop using the deprecated at() PHPUnit matcher