This PR was merged into the 2.7 branch.
Discussion
----------
[Yaml][TwigBridge] Use JSON_UNESCAPED_SLASHES for lint commands output
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Slashes are escaped when sing the `lint:twig` and `lint:yaml` commands with the `format` option set to `json`, giving such results:
```json
[
{
"file": "yaml\/wrong\/1.yml",
"valid": false,
"message": "Unable to parse at line 1 (near \";:cc`\")."
}
]
```
That's not convenient as file paths may be reused (e.g. copy-pasted).
Results stay fine as error messages are already escaped:
```json
[
{
"file": "yaml/wrong/1.yml",
"valid": false,
"message": "Unable to parse at line 1 (near \";:cc`\")."
}
]
```
Commits
-------
0427594 Use JSON_UNESCAPED_SLASHES for lint commands output
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Check for class existence before is_subclass_of
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Same as #19342
Commits
-------
8a9e0f5 [FrameworkBundle] Check for class existence before is_subclass_of
This PR was squashed before being merged into the 2.7 branch (closes#19373).
Discussion
----------
[Form] Skip CSRF validation on form when POST max size is exceeded
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19140
| License | MIT
| Doc PR | N/A
In #19140 the CSRF validation listener was not aware that the POST max size had exceeded, and was adding a form error message that wasn't relevant to the actual error.
This introduces the `ServerParams` utility class into the `CsrfValidationListener` and checks that the POST max size has not been exceeded. If it has then it won't bother trying to validate the CSRF token.
My main concern with this change is that it opens up an attack vector around tokens, but I've encapsulated the request size validation in a single method in `ServerParams` now so that the request handlers are using the same logic.
Commits
-------
289531f [Form] Skip CSRF validation on form when POST max size is exceeded
This PR was squashed before being merged into the 2.7 branch (closes#19405).
Discussion
----------
Fixed bugs in names of classes and methods.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
It's related to case sensitive.
I changed only calls of names of called methods but not definition of methods because BC.
Commits
-------
c41aa03 Fixed bugs in names of classes and methods.
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
* 2.3:
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Remove misleading comment
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This is not true for service_container anymore.
Commits
-------
9f2f858 [FrameworkBundle] Remove misleading comment
* 2.3:
Detect CLI color support for Windows 10 build 10586
[EventDispatcher] Try first if the event is Stopped
[FrameworkBundle] fixes grammar in container:debug command manual.
Conflicts:
src/Symfony/Component/EventDispatcher/EventDispatcher.php
src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php
* 2.3:
[Validator] use correct term for a property in docblock (not "option")
[PropertyAccess] Remove most ref mismatches to improve perf
[Validator] EmailValidator cannot extract hostname if email contains multiple @ symbols
[NumberFormatter] Fix invalid numeric literal on PHP 7
Use XML_ELEMENT_NODE in nodeType check
[PropertyAccess] Reduce overhead of UnexpectedTypeException tracking
[PropertyAccess] Throw an UnexpectedTypeException when the type do not match
[FrameworkBundle] Add tests for the Controller class
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/Controller/ControllerTest.php
src/Symfony/Component/Intl/NumberFormatter/NumberFormatter.php
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/PropertyAccess/PropertyAccessorInterface.php
src/Symfony/Component/PropertyAccess/PropertyPath.php
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorTest.php
src/Symfony/Component/Validator/Constraints/EmailValidator.php
* 2.3:
Improved the PHPdoc of FileSystem::copy()
[Validator] Test DNS Email constraints using checkdnsrr() mock
[travis] Run real php subprocesses on hhvm for Process component tests
bug #18161 [Translation] Add support for fuzzy tags in PoFileLoader
[Form] Fix NumberToLocalizedStringTransformer::reverseTransform with big integers
[Form] Fix INT64 cast to float in IntegerType.
[SecurityBundle][PHPDoc] Added method doumentation for SecurityFactoryInterface
FrameworkBundle: Client: getContainer(): fixed phpdoc
[Validator] Updating inaccurate docblock comment
Conflicts:
.travis.yml
src/Symfony/Component/Validator/Tests/Constraints/EmailValidatorTest.php
* 2.3:
[HttpFoundation] Fix transient test
[HttpFoundation] Add a dependency on the mbstring polyfill
add readme files where missing
Don't use reflections when possible
[Form] Update form tests after the ICU data update
[Intl] Update tests and the number formatter to match behaviour of the intl extension
[Intl] Update the ICU data to version 55
[Intl] Fix the update-data.php script in preparation for ICU 5.5
Use constant instead of function call.
fixed test name
automatically generate safe fallback filename
Conflicts:
src/Symfony/Component/Debug/Debug.php
src/Symfony/Component/HttpFoundation/composer.json
src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7] Don't use reflection when possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
See https://github.com/symfony/symfony/pull/18021
Commits
-------
35be501 Don't use reflections when possible
* 2.3:
Updated all the README files
[TwigBundle] Fix failing test on appveyor
[FrameworkBundle] Fix a regression in handling absolute and namespaced template paths
Allow to normalize \Traversable
Remove _path from query parameters when fragment is a subrequest and request attributes are already set Added tests for _path removal in FragmentListener
Simplified everything
Added a test
Fixed the problem in an easier way
Fixed a syntax issue
Improved the error message when a template is not found
[CodingStandards] Conformed to coding standards
[TwigBundle] fixed Include file locations in "Template could not be found" exception
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Test that ObjectNormalizer is registered
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
129b140 [FrameworkBundle] Test that ObjectNormalizer is registered
* 2.3:
#17676 - making the proxy instantiation compatible with ProxyManager 2.x by detecting proxy features
Fix bug when using an private aliased factory service
ChoiceFormField of type "select" could be "disabled"
Update contributing docs
[Console] Fix escaping of trailing backslashes
Fix constraint validator alias being required
[ci] clone with depth=1 to kill push-forced PRs
Add check on If-Range header
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] read commands from bundles when accessing list
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This allows access to the list of commands registered by the kernel (bundle and later service ids) programmatically when you do not `run` the application.
Commits
-------
0fe3088 register commands from kernel when accessing list
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fix choice placeholder edge cases
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fixing several problems with choice placeholder that enhances #9030 for more edge cases:
- A choice with an empty value manually added in the choices array should only be considered a placeholder when it is the first element in the final choice select.
This is part of the HTML spec and how browsers also behave. If you select a choice with an empty value that is not the first option, it will still pass the "required" check
and thus submit the empty value. So it's not a placeholder.
If in the example below you move the empty option to the first place, the browsers will error on submit that you
must select a value. So only then it is a placeholder to show as initial value.
```html
<select id="form_timezone" name="form[timezone]" required="required">
<option value="Africa/Abidjan">Abidjan</option>
<option value="">Empty</option>
</select>
```
Also the validator https://validator.w3.org/nu/ will mark the above code as error:
> The first child option element of a select element with a required attribute, and without a multiple attribute, and without a size attribute whose value is greater than 1, must have either an empty value attribute, or must have no text content. Consider either adding a placeholder option label, or adding a size attribute with a value equal to the number of option elements.
This is fixed by replacing`0 !== count($choiceList->getChoicesForValues(array('')))` with `$view->vars['placeholder_in_choices'] = $choiceListView->hasPlaceholder()`.
Which means, the required attribute is removed automatically because the select form element is required implicitly anyway due to the nature of the choice UI.
- As the above quote mentions, the `size` attribute also has impact. Namely for a select with size > 1 it can be possible to have a required attribute even without placeholder.
This is because when the size > 1, there is no default choice selected (similar to select with "multiple").
- A placeholder for required radio buttons or a select with size > 1 does not make sense as it would just be fake data that can be submitted (similar to the ignored placeholder for multi-select and checkboxes).
Commits
-------
0efbc30 [Form] fix edge cases with choice placeholder
* 2.3:
remove unnecessary retrieval and setting of data
avoid (string) catchable fatal error for __PHP_Incomplete_Class instances
sendContent return as parent.
[FrameworkBundle] Fix a typo
* 2.3:
[travis] Add some comments
changed operator from and to &&
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget_collapsed.html.php
* 2.3:
fix container cache key generation
[Translation] Add resources from fallback locale
[DependencyInjection] enforce tags to have a name
[YAML] Refine the return value of Yaml::parse()
If the actual class name were not taken into, we would not be able to
detect inconsistencies between the different configuration formats (PHP,
YAML, and XML) as the container built based on the first evaluated
configuration format would be cached and reused by tests for the other
formats too.
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] remove default null value for asset version
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Setting `null` as the version of a package means that it uses the empty
version strategy. However, omitting the `version` option entirely was
meant to fall back to the default version strategy. This is not possible
when the default version value is `null` as there is no way to remove
it.
Commits
-------
25f735f remove default null value for asset version
Setting `null` as the version of a package means that it uses the empty
version strategy. However, omitting the `version` option entirely was
meant to fall back to the default version strategy. This is not possible
when the default version value is `null` as there is no way to remove
it.
This PR was merged into the 2.3 branch.
Discussion
----------
Remove invalid CSS white-space value
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
03d3182 Remove invalid CSS white-space value
This PR was merged into the 2.3 branch.
Discussion
----------
Static code analysis
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Things that done:
* fix case in method calls
* removed unused imports
* use shorter concat where it possible
* optimize some css
* removed duplicated array keys
* removed redurant return statements
* removed one-time variables
* do not pass arguments that not used in functions
Commits
-------
8db691a Static code analysis
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] Fix template location for PHP templates
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14804
| License | MIT
| Doc PR | -
- [x] improve the test to cover logical path & filesystem path
- [x] Add a new test case and fix the path to the template
As the first commit only enchanced the test, and the second commit fixed the bug, it's best to review them seperately.
Commits
-------
132a4e4 [FrameworkBundle] Fix template location for PHP templates
cd42e2d [FrameworkBundle] Add path verification to the template parsing test cases
* 2.3:
fixed undefined variable
Fixed the phpDoc of UserInterface
fixed APCu dep version
Added support for the `0.0.0.0/0` trusted proxy
[DoctrineBridge][Validator] >= 2.3 Pass association instead of ID as argument
[HttpKernel] Lookup the response even if the lock was released after 2 seconds
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Compute the kernel root hash only one time
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
23431e9 [FrameworkBundle] Compute the kernel root hash only one time
* 2.3:
[Process] Remove a misleading comment
Improve the phpdoc of SplFileInfo methods
[Process] Use stream based storage to avoid memory issues
Fixed the documentation of VoterInterface::supportsAttribute
Remove useless duplicated tests
[FrameworkBundle] Optimize framework extension tests
Use is_subclass_of instead of Reflection when possible
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7] Use is_subclass_of instead of reflection
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
Follows https://github.com/symfony/symfony/pull/17400
>
For performance reason, I replaced a reflection instantiation by ``is_subclass_of``.
Commits
-------
5af5d06 Use is_subclass_of instead of reflection
* 2.3:
Fixed correct class name in thrown exception
Add gc_mem_caches() call for PHP7 after itoken_get_all() as new memory manager will not release small buckets to OS automatically
Removed a duplicated test in CardSchemeValidatorTest
Fix perf and mem issue when using token_get_all
[SecurityBundle] fix SecureRandom service constructor args
Normalize params only when used.
* 2.3:
Typo fix
[2.3] Static Code Analysis for Components
Added support \IteratorAggregate for UniqueEntityValidator
Fix#17306 Paths with % in it are note allowed (like urlencoded)
Added sort order SORT_STRING for params in UriSigner
Remove normalizer cache in Serializer class
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Improved performance of ChoiceType and its subtypes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I found out today that, although CachingFactoryDecorator is part of Symfony 2.7, it is not configured to be used in the DI configuration. This simple in-memory cache improved the page load by 50% for one considerably large form with many (~600) choice/entity fields that I was working on today.
Also, caching of query builders with parameters was broken, since the parameters are represented by objects. PHP's object hashes were used to calculate the cache keys, hence the cache always missed. I converted parameters to arrays for calculating the cache keys to fix this problem.
Commits
-------
a0ef101 [Form] Improved performance of ChoiceType and its subtypes
* 2.3:
[travis] timeout the sigchild tests at 60s
CS: Single line comments should use double slashes (//) and not hash (#).
Do not use HttpKernel Extension when not needed
bumped Symfony version to 2.3.37
updated VERSION for 2.3.36
update CONTRIBUTORS for 2.3.36
updated CHANGELOG for 2.3.36
use nowdoc instead of heredoc
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ConfigDumpReferenceCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/RouterApacheDumperCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/RouterMatchCommand.php
src/Symfony/Bundle/FrameworkBundle/Translation/Translator.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Config/Tests/Definition/Dumper/YamlReferenceDumperTest.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Routing/Generator/Dumper/PhpGeneratorDumper.php
* 2.3:
prefer phpunit 5.x on hhvm
[FrameworkBundle][HttpKernel] the finder is required to discover bundle commands
[travis] Auto-conf deps=high matrix line
Fix the logout path when not using the router
[HttpFoundation] Added the ability of mapping stream wrapper protocols when using X-Sendfile
[HttpFoundation] Add a test case for using BinaryFileResponse with stream wrappers
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/Templating/Helper/LogoutUrlHelper.php
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] prevent cache:clear creating too long paths
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15547#16783
| License | MIT
| Doc PR | -
Commits
-------
6e279c5 [FrameworkBundle] prevent cache:clear creating too long paths
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] [Translation] Fixed translations not written when no translations directory in update command
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Currently when you run the TranslationUpdateCommand and want to write the translation in the domain file without a `translations` directory the output is `[OK] Success` but the file is not created.
This PR fix the creation of the directory.
Commits
-------
8c45107 [FrameworkBundle] [Translation] Fixed translations not written when no translations directory in update command
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Disable built-in server commands when Process component is missing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This also backports the improvement for the `suggest` section from #16650 to the `2.7` branch and improves it by also mentioning the other built-in server commands.
Commits
-------
972c4ca disable server commands without Process component
dd82b64 list all server command names in suggestion
d18fb9b Suggested Process dependency
* 2.3:
Fix undefined array $server
[ProxyManager] Tmp fix composer reqs issue in ZF
Add missing exclusions from phpunit.xml.dist
Fix the server variables in the router_*.php files
[Validator] Allow an empty path with a non empty fragment or a query
The following change adds support for Armenian pluralization.
[2.3][Process] fix Proccess run with pts enabled
Conflicts:
composer.json
src/Symfony/Bridge/ProxyManager/composer.json
src/Symfony/Bundle/DebugBundle/phpunit.xml.dist
src/Symfony/Component/Security/phpunit.xml.dist
This PR was squashed before being merged into the 2.3 branch (closes#16352).
Discussion
----------
Fix the server variables in the router_*.php files
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
The built-in web server automatically rewrites everything to the `app_dev.php` script, but it does not adjust the server variables accordingly.
Here is the output of `print_r($_SERVER)` on Apache with mod_rewrite enabled (relevant lines only):
```
Array
(
[REQUEST_URI] => /text-elements.html
[SCRIPT_NAME] => /app_dev.php
[PHP_SELF] => /app_dev.php
)
```
And here is the output of the exact same script on the built-in server:
```
Array
(
[REQUEST_URI] => /text-elements.html
[SCRIPT_NAME] => /text-elements.html
[PHP_SELF] => /text-elements.html
)
```
And here is the return value of Symfony's `Request::getScriptName()` method:
```php
// Apache: http://localhost/text-elements.html
echo $this->container->get('request_stack')->getCurrentRequest()->getScriptName(); // /app_dev.php
// Built-in web server: http://127.0.0.1:8000/text-elements.html
echo $this->container->get('request_stack')->getCurrentRequest()->getScriptName(); // /text-elements.html
```
This PR fixes the two server variables in the `router_dev.php` script.
Commits
-------
4923411 Fix the server variables in the router_*.php files
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] JsonDescriptor - encode container params only once
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16379
| License | MIT
| Doc PR |
Commits
-------
dd9d076 JsonDescriptor - encode container params only once
* 2.3:
added the new Composer exclude-from-classmap option
fix expected argument type docblock
Set back libxml settings after testings.
fixed Twig deprecation notices