This PR was squashed before being merged into the 2.8 branch (closes#16395).
Discussion
----------
checkCredentials() force it to be an affirmative yes!
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no (because 2.8 isn't released)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This changes `GuardAuthenticatorInterface::checkCredentials()`: you now *must* return true in order for authentication to pass.
Before: You could do nothing (i.e. return null) and authentication would pass. You threw an AuthenticationException to cause a failure.
New: You *must* return `true` for authentication to pass. If you do nothing, we will throw a `BadCredentialsException` on your behalf. You can still throw your own exception.
This was a suggestion at symfony_live to make things more secure. I think it makes sense.
Commits
-------
14acadd checkCredentials() force it to be an affirmative yes!
This PR was squashed before being merged into the 2.3 branch (closes#16294).
Discussion
----------
[PropertyAccess] Major performance improvement
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16179
| License | MIT
| Doc PR | n/a
This PR improves performance of the PropertyAccess component of ~70%.
The two main changes are:
* caching the `PropertyPath` initialization
* caching the guessed access strategy
This is especially important for the `ObjectNormalizer` (Symfony Serializer) and the JSON-LD normalizer ([API Platform](https://api-platform.com)) because they use the `PropertyAccessor` class in large loops (ex: normalization of a list of entities).
Here is the Blackfire comparison: https://blackfire.io/profiles/compare/c42fd275-2b0c-4ce5-8bf3-84762054d31e/graph
The code of the benchmark I've used (with Symfony 2.3 as dependency):
```php
<?php
require 'vendor/autoload.php';
class Foo
{
private $baz;
public $bar;
public function getBaz()
{
return $this->baz;
}
public function setBaz($baz)
{
$this->baz = $baz;
}
}
use Symfony\Component\PropertyAccess\PropertyAccess;
$accessor = PropertyAccess::createPropertyAccessor();
$start = microtime(true);
for ($i = 0; $i < 10000; ++$i) {
$foo = new Foo();
$accessor->setValue($foo, 'bar', 'Lorem');
$accessor->setValue($foo, 'baz', 'Ipsum');
$accessor->getValue($foo, 'bar');
$accessor->getValue($foo, 'baz');
}
echo 'Time: '.(microtime(true) - $start).PHP_EOL;
```
This PR also adds an optional support for Doctrine cache to keep access information across requests and improve the overall application performance (even outside of loops).
Commits
-------
284dc75 [PropertyAccess] Major performance improvement
* 2.7:
added the new Composer exclude-from-classmap option
added the new Composer exclude-from-classmap option
fix expected argument type docblock
Set back libxml settings after testings.
fixed Twig deprecation notices
* 2.3:
added the new Composer exclude-from-classmap option
fix expected argument type docblock
Set back libxml settings after testings.
fixed Twig deprecation notices
This PR was merged into the 2.3 branch.
Discussion
----------
added the new Composer exclude-from-classmap option
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
65bef75 added the new Composer exclude-from-classmap option
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] fix expected argument type docblock
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
Commits
-------
1c01ebc fix expected argument type docblock
This PR was merged into the 2.8 branch.
Discussion
----------
[Routing] fix docblock description for the build() method
| Q | A
| ------------- | ---
| Fixed tickets | #15778
| License | MIT
Commits
-------
ca32ed4 fix docblock description for the build() method
This PR was merged into the 2.3 branch.
Discussion
----------
Set back libxml settings after testings.
| Q | A
| ------------- | ---
| Bug fix? | [yes]
| New feature? | [no]
| BC breaks? | [no]
| Deprecations? | [no]
| Tests pass? | [yes]
| Fixed tickets | none
| License | MIT
| Doc PR | none
Tests that change the `libxml_use_internal_errors` should set back the flag to the previous setting when done testing.
Commits
-------
29d6969 Set back libxml settings after testings.
This PR was merged into the 2.8 branch.
Discussion
----------
[Serializer] polyfill for json_last_error_msg is in php 5.5
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16317
| License | MIT
| Doc PR | -
We need the polyfill for `json_last_error_msg` which is part of php 5.5, not 5.4.
Commits
-------
fb031f1 [Serializer] polyfill for json_last_error_msg is in php 5.5
This PR was merged into the 2.8 branch.
Discussion
----------
Add the PHP 7 polyfill for the random_bytes function
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Some classes (like the `SecureRandom` class) currently depends on the `random_bytes` function, which is only available in the PHP 7 polyfill
Commits
-------
8ab8ca0 Add the PHP 7 polyfill for the random_bytes function
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] don't call constructors on Mongo mock objects
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16287
| License | MIT
| Doc PR |
Calling the parent constructor of the mocked `Mongo` class tries to
connect to a local MongoDB server which fails in case no local server
was configured.
Similarly, when the parent constructor of the mocked `MongoCollection`
class is called it performs checks on the passed arguments which fails
again when a connection was not established successfully before.
Commits
-------
6541b8b don't call constructors on Mongo mock objects
Calling the parent constructor of the mocked `Mongo` class tries to
connect to a local MongoDB server which fails in case no local server
was configured.
Similarly, when the parent constructor of the mocked `MongoCollection`
class is called it performs checks on the passed arguments which fails
again when a connection was not established successfully before.
This PR was merged into the 2.8 branch.
Discussion
----------
[WebProfilerBundle] Filter links in search results
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14110
| License | MIT
| Doc PR |
Quite often I find myself copy/pasting the results from the search results in the profiler search form. Adding links for this allows developers to narrow down to the proper profiler result fast.
Commits
-------
4bffacc [WebProfilerBundle] Filter links in search results
This PR was merged into the 2.8 branch.
Discussion
----------
[Yaml] deprecated usage of @ and ` at the beginning of an unquoted string
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #16234
| License | MIT
| Doc PR | n/a
Commits
-------
7fee29f [Yaml] deprecated usage of @ and ` at the beginning of an unquoted string
* 2.7:
added missing quotes in YAML files
[HttpKernel] Add `@group time-sensitive` on some transient tests
[DoctrineBridge] Fix issue which prevent the profiler to explain a query
Use mb_detect_encoding with $strict = true
don't allow to install the split Security packages
bumped Symfony version to 2.3.35
updated VERSION for 2.3.34
update CONTRIBUTORS for 2.3.34
updated CHANGELOG for 2.3.34
* 2.3:
added missing quotes in YAML files
[HttpKernel] Add `@group time-sensitive` on some transient tests
[DoctrineBridge] Fix issue which prevent the profiler to explain a query
Use mb_detect_encoding with $strict = true
don't allow to install the split Security packages
bumped Symfony version to 2.3.35
updated VERSION for 2.3.34
update CONTRIBUTORS for 2.3.34
updated CHANGELOG for 2.3.34
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Add `@group time-sensitive` on some transient tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15617
| License | MIT
| Doc PR | -
Commits
-------
6a7d270 [HttpKernel] Add `@group time-sensitive` on some transient tests
This PR was merged into the 2.8 branch.
Discussion
----------
Rely on iconv and symfony/polyfill-*
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #16240
| License | MIT
| Doc PR | -
Status: needs work
symfony/polyfill-* packages are not ready yet. Still, review welcomed.
Commits
-------
303f05b Rely on iconv and symfony/polyfill-*
This PR was submitted for the 2.8 branch but it was merged into the 2.3 branch instead (closes#16306).
Discussion
----------
[DoctrineBridge] Fix issue which prevent the profiler to explain a query
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
We currently develop a application which only use the doctrine/dbal and not the orm. And we run into a issue that the profiler can't explained any query.
This is because the `SQLLogger` will pass `null` instead of an empty array. And the `sanitizeQuery` method will currently transform this to `array(null)` which leads to an error.
I created an fork, so everyone can reproduce this.
https://github.com/Baachi/symfony-standard
Commits
-------
3490e98 [DoctrineBridge] Fix issue which prevent the profiler to explain a query
This PR was merged into the 2.3 branch.
Discussion
----------
Use mb_detect_encoding with $strict = true
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Otherwise, UTF-8 can be returned for non-UTF8 strings...
See e.g. https://3v4l.org/oMMnX
Commits
-------
e6c89f1 Use mb_detect_encoding with $strict = true
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] don't allow to install the split Security packages
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16134
| License | MIT
| Doc PR |
Currently, you would be able to install the Security component fromm
Symfony 2.3 together with one of the split packages from a higher
Symfony vesion like this:
```json
{
"require": {
"symfony/symfony": "2.3.*",
"symfony/security-core": "~2.7"
}
}
```
However, you will end up with classes being present twice.
This must be reverted after merging up in the `2.7` branch.
Commits
-------
0d14064 don't allow to install the split Security packages
Fabien Potencier
Kevin Bond
Ryan Weaver
Kévin Dunglas
Anne-Sophie Bachelard
Christian Flothmann
Tobias Schultze
Possum
Richard
Pierre du Plessis
Nicolas Grekas
Baachi