This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security] Add NativePasswordEncoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR adds a new `NativePasswordEncoder` that defaults to the best available hashing algo to `password_hash()`. Best is determined by "us" or "php", the goal being that this will change in the future as new algos are published.
This provides a native encoder that we should recommend using by default.
Commits
-------
28f7961c55 [Security] Add NativePasswordEncoder
This PR was merged into the 4.2 branch.
Discussion
----------
[FrameworkBundle] call method with Translator component only
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31152
| License | MIT
| Doc PR |
Commits
-------
f49881d24a call method with Translator component only
* 4.2:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper] fix tests with ICU 64.1
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
Fix get session when the request stack is empty
[Routing] fix trailing slash redirection with non-greedy trailing vars
[FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
This PR was merged into the 4.2 branch.
Discussion
----------
[Routing] fix trailing slash redirection with non-greedy trailing vars
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30863, #31066
| License | MIT
| Doc PR | -
Fixes redirecting `/123/` to `/123` when the route is defined as `/{foo<\d+>}`
Commits
-------
d88833d27a [Routing] fix trailing slash redirection with non-greedy trailing vars
This PR was merged into the 4.2 branch.
Discussion
----------
[FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31092, #31025
| License | MIT
| Doc PR | -
This allows defining a translator that implements only the new interface and use it with ValidatorBuilder.
ping @dvdknaap, @snebes since you were affected.
Commits
-------
a12656eaad [FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
This PR was merged into the 4.2 branch.
Discussion
----------
[HttpKernel] Fix get session when the request stack is empty
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
This bug happen behind an exception on a kernel response event, when one collector (e.g. `RequestDataCollector`) is trying to get the request session and the request stack is currently empty.
**Reproducer**
https://github.com/yceruto/get-session-bug (`GET /`)
See logs on terminal:
```bash
Apr 15 20:29:03 |ERROR| PHP 2019-04-15T20:29:03-04:00 Call to a member function isSecure() on null
Apr 15 20:29:03 |ERROR| PHP PHP Fatal error: Uncaught Symfony\Component\Debug\Exception\FatalThrowableError: Call to a member function isSecure() on null in /home/yceruto/demos/getsession/vendor/symfony/http-kernel/EventListener/SessionListener.php:43
Apr 15 20:29:03 |DEBUG| PHP Stack trace:
Apr 15 20:29:03 |DEBUG| PHP #0 /home/yceruto/demos/getsession/vendor/symfony/http-kernel/EventListener/AbstractSessionListener.php(59): Symfony\Component\HttpKernel\EventListener\SessionListener->getSession()
Apr 15 20:29:03 |DEBUG| PHP #1 /home/yceruto/demos/getsession/vendor/symfony/http-foundation/Request.php(707): Symfony\Component\HttpKernel\EventListener\AbstractSessionListener->Symfony\Component\HttpKernel\EventListener\{closure}()
Apr 15 20:29:03 |DEBUG| PHP #2 /home/yceruto/demos/getsession/vendor/symfony/http-kernel/DataCollector/RequestDataCollector.php(65): Symfony\Component\HttpFoundation\Request->getSession()
Apr 15 20:29:03 |DEBUG| PHP #3 /home/yceruto/demos/getsession/vendor/symfony/http-kernel/Profiler/Profiler.php(167): Symfony\Component\HttpKernel\DataCollector\RequestDataCollector->collect(Object(Symfony\Component\HttpFoundation\Request), Object(Symfony\Component\HttpFoundation\Respo in /home/yceruto/demos/getsession/vendor/symfony/http-kernel/EventListener/SessionListener.php on line 43
```
Friendly ping @nicolas-grekas as author of the previous PR https://github.com/symfony/symfony/pull/28244
Commits
-------
d62ca37ab6 Fix get session when the request stack is empty
* 3.4:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Added the missing translations for the Tagalog ("tl") locale
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | No
| New feature? | No
| BC breaks? | No
| Deprecations? | No
| Tests pass? | Yes
| Fixed tickets | #30192
| License | MIT
| Doc PR |
[Validator] This pull request will add the missing translations for the Tagalog ("tl") locale.
Commits
-------
6ab574b7c9 [Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Make MimeTypeExtensionGuesser case insensitive
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Some mime types have a camelCase word in them.
The Apache HTTPD project list items are all lower case.
So I suggest making the $mimeType string lowercase while checking the array key.
That way, we can keep the list in sync.
Example: xlsm file mime type is `application/vnd.ms-excel.sheet.macroEnabled.12`
The key that matches the xlsm extension in the `$defaultExtensions` array is `application/vnd.ms-excel.sheet.macroenabled.12`
Example xlsm file:
https://github.com/vermeirentony/xlsm-example
Commits
-------
e294ee6b9a Make MimeTypeExtensionGuesser case insensitive
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] minor: remove a typo from changelog
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | none <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | none. <!-- required for new features -->
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
just a little typo fix: new new -> new
Commits
-------
8f7682c175 [FrameworkBundle] minor: remove a typo from changelog
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine
Based on #88
Commits
-------
ab4d05358c Fix XSS issues in the form theme of the PHP templating engine