This PR was squashed before being merged into the 2.3 branch (closes#15799).
Discussion
----------
[HttpFoundation] NativeSessionStorage `regenerate` method wrongly sets storage as started
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This PR fixes an error when regenerating session IDs for non-active sessions.
Right now, the session is flagged as _started_, no matter if the session ID was successfully regenerated or not, making the storage [unable to _start the session_](6393ec3169/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php (L130-L132)) later on.
This also fixes a future error with PHP 7, which throws an error if a regeneration is attempted for non-active sessions.
```
session_regenerate_id(): Cannot regenerate session id - session is not active
```
Commits
-------
8e6ef9c [HttpFoundation] NativeSessionStorage method wrongly sets storage as started
This PR was merged into the 2.7 branch.
Discussion
----------
[property-access] Improvement for Accessing Reference Chain
Improve performance for the following scenarios:
- Example 1:
```php
$a = array(
'a' => array(
'b' => array(
'c' => 'old-value'
)
)
);
$pa->setValue($a, '[a][b][c]', 'new-value');
// The PropertyAccessor will try to set values for
// $a['a']['b']['c'], $a['a']['b'] and $a['a'],
// but in fact it may terminate the loop
// right after the value of $a[a][b][c] is set,
// because $a, $[a], $[a][b] and $[a][b][c]
// are all passed as reference - the reference chain is not broken.
```
- Example 2
```php
$b = array(
'a' => array(
'b' => array(
'c' => 'old-value'
)
)
)
$a = new Foo($b);
// In this example, the reference chain of $b is broken,
// because it's passed to $a.value as value
// But its elements are all passed as reference,
// so after setting the value for $b[a][b][c], there is no need
// to set value for $b[a][b] and $b[a]
$pa->setValue($a, 'value[a][b][c]', 'new-value');
```
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
e24a798 [property-access] Improvement for Accessing Reference Chain
This PR was merged into the 2.7 branch.
Discussion
----------
Remove failing test to fix#15935
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15935
| License | MIT
| Doc PR |
Test has been removed on 2.8 already in https://github.com/symfony/symfony/pull/15738/files#diff-990df0e8238847f8ae54e8227f295c22L107
Commits
-------
5392a0c Remove failing test
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#15956).
Discussion
----------
Updated default German IBAN validation message
This PR was submitted on the symfony/validator read-only repository by @synaris and moved automatically to the main Symfony repository (closessymfony/validator#15).
IBAN is an acronym. The term 'IBAN-Kontonummer' is redundant, since the 'AN' part (Account Number) already translates to 'Kontonummer'. It's like saying 'International Bank Account Number Account Number'.
Commits
-------
5423ba0 Updated default German IBAN validation message
IBAN is an acronym. The term 'IBAN-Kontonummer' is redundant, since the 'AN' part (Account Number) already translates to 'Kontonummer'. It's like saying 'International Bank Account Number Account Number'.
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#15955).
Discussion
----------
Fixed incorrect and inconsistent translations
This PR was submitted on the symfony/security read-only repository by @lashae and moved automatically to the main Symfony repository (closessymfony/security#8).
"Fiş" is a correct translation for "token", however "bilet" is also used, I fixed that inconsistency. Moreover, "kimlik bilgileri" is a better translation for "credentials" than "girdiler". "Girdiler" is the translation of "inputs", so I fixed sentences with "credentials". "Hesap engellenmiş" is better than "Hesap devre dışı bırakılmış" for "Account is disabled.". "Digest nonce has expired" can be translated better as "Derleme zaman aşımına uğradı." because "Derleme zaman aşımı gerçekleşti" has a confirmation sense like user requested it to expire and it has expired.
References:
token: http://tureng.com/search/token (3rd entry)
credentials: http://www2.zargan.com/tr/q/credentials-ceviri-nedir (1st entry)
disable: http://tureng.com/search/disable (15th entry)
Commits
-------
f99f40e Fixed incorrect and inconsistent translations
"Fiş" is a correct translation for "token", however "bilet" is also used, I fixed that inconsistency. Moreover, "kimlik bilgileri" is a better translation for "credentials" than "girdiler". "Girdiler" is the translation of "inputs", so I fixed sentences with "credentials". "Hesap engellenmiş" is better than "Hesap devre dışı bırakılmış" for "Account is disabled.". "Digest nonce has expired" can be translated better as "Derleme zaman aşımına uğradı." because "Derleme zaman aşımı gerçekleşti" has a confirmation sense like user requested it to expire and it has expired.
References:
token: http://tureng.com/search/token (3rd entry)
credentials: http://www2.zargan.com/tr/q/credentials-ceviri-nedir (1st entry)
disable: http://tureng.com/search/disable (15th entry)
This PR was merged into the 2.8 branch.
Discussion
----------
[Validator] Sync polish translation file
| Q | A
| ------------- | ---
| Bug fix? | no
| BC breaks? | no
| License | MIT
Commits
-------
7a88c37 [Validator] Sync polish translation file
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#15951).
Discussion
----------
Make Proper English
This PR was submitted on the symfony/browser-kit read-only repository by @redstar504 and moved automatically to the main Symfony repository (closessymfony/browser-kit#4).
Commits
-------
95417f6 Make Proper English
This PR was merged into the 2.8 branch.
Discussion
----------
Easier Custom Authentication errors
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet
This makes failing authentication with a custom message much easier:
```php
throw CustomAuthenticationException::createWithSafeMessage(
'That was a ridiculous username'
);
// or
$e = new CustomAuthenticationException();
$e->setSafeMessage('That was a ridiculous username');
throw $e;
```
Currently, to do this, you'd need to create a new sub-class of `AuthenticationException`, which is way more work than it needs to be. The original design was so that all messages exposed are safe, which is why I've named the methods like I have.
Thanks!
Commits
-------
d7c1463 Adding a class to make it easier to set custom authentication error messages
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Improve AbstractVoter tests
Applying the improved tests from https://github.com/symfony/symfony/pull/15932 into the oldest possible branch.
Merge conflicts from 2.7 into 2.8 caused by this PR do not need to be done carefully, I'll create a new PR for 2.8 updating the tests as soon as these changes are merged up.
| Q | A
| ------------- | ---
| Fixed tickets | -
| License | MIT
Commits
-------
5ff741d Readd the correct tests
This PR was merged into the 2.8 branch.
Discussion
----------
[Console] don't rely on internal sort implementation om test
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14894
| License | MIT
| Doc PR |
PHP does not guarantuee how array elements with the same value will be
sorted when applying `asort()`. Since all namespaces used in the test
produce the same Levenshtein value, we should only check for presence of
these namespaces instead of comparing the exact order.
Commits
-------
3011fa0 don't rely on internal sort implementation in test
PHP does not guarantuee how array elements with the same value will be
sorted when applying `asort()`. Since all namespaces used in the test
produce the same Levenshtein value, we should only check for presence of
these namespaces instead of comparing the exact order.
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] Fix input validation when required arguments are missing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15505
| License | MIT
| Doc PR | -
The rule that was here in place previously only works when arguments are passed from command line, as in command line there is no way of skipping an argument. The rule does not work for arguments set on the Input after a command is run.
Commits
-------
4982b02 [Console] Add the command name to input arguments if it's missing
f12a4c1 [Console] Fix input validation when required arguments are missing
This PR was merged into the 2.8 branch.
Discussion
----------
[DomCrawler] Deprecate methods inherited from SplObjectStorage
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | half of #15849
| License | MIT
| Doc PR | n/a
There is no documentation change to be done for it: we don't document the fact that DomCrawler extends SplObjectStorage (this is an implementation detail which leaked because of using inheritance rather than composition).
Commits
-------
997c650 Deprecate methods inherited from SplObjectStorage
* 2.8: (28 commits)
Detect Mintty for color support on Windows
Detect Mintty for color support on Windows
[WebProfilerBundle] Fix search button click listener
[Form][Type Date/Time] added choice_translation_domain option.
Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in #15870
Making all "debug" messages use the debug router
Making GuardTokenInterface extend TokenInterface
Updating behavior to not continue after an authenticator has set the response
Add a group for tests of the finder against the FTP server
Fix trigger_error calls
Fix legacy security tests
tweaking message related to configuration edge case that we want to be helpful with
Minor tweaks - lowering the required security-http requirement and nulling out a test field
Fix license headers
Fix license headers
Fix license headers
Ensure the ClockMock is loaded before using it in the testsuite
Allow serializer 3.0 in the PropertyInfo component
Add the replace rules for the security-guard component
Forbid serializing a Crawler
...
* 2.7:
Detect Mintty for color support on Windows
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
Mintty is now the default terminal in GitBash, and it supports ANSI
colors without the need of ANSICON (it even supports 256 colors rather
than the 16 colors supported by ANSICON).
* 2.3:
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
This PR was submitted for the 2.8 branch but it was merged into the 2.3 branch instead (closes#15915).
Discussion
----------
Detect Mintty for color support on Windows
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/5726
Mintty is now the default terminal in GitBash, and it supports ANSI colors without the need of ANSICON (it even supports 256 colors rather than the 16 colors supported by ANSICON).
I submitted it to 2.8 as it can be considered as a new feature. But it should not be hard to merge it in other branches if we decide to consider it as a bugfix (it just needs to be split because VarDumper does not exist in 2.3)
Commits
-------
12743d1 Detect Mintty for color support on Windows
Mintty is now the default terminal in GitBash, and it supports ANSI
colors without the need of ANSICON (it even supports 256 colors rather
than the 16 colors supported by ANSICON).
This PR was merged into the 2.8 branch.
Discussion
----------
Updating behavior to not continue after an authenticator has set the response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/14673/files#r40492765
| License | MIT
| Doc PR | n/a
This mirrors the behavior in core: *if* a listener sets a response (on success or failure),
then the other listeners are not called. But if a response is *not* set
(which is sometimes the case for success, like in BasicAuthenticationListener),
then the other listeners are called, and can even fail.
It's all a bit of an edge-case, as only one authenticator (like authentication listener) would normally be doing any work on a request, but I think matching the other listeners (since I'm not aware of anyone having issues with its behavior) is best.
Commits
-------
5fa2684 Making all "debug" messages use the debug router
f403444 Updating behavior to not continue after an authenticator has set the response
This PR was merged into the 2.3 branch.
Discussion
----------
Add a group for tests of the finder against the FTP server
This allows to skip them easily when running the testsuite, as they represent a significant part of the testsuite time. These 2 tests together represent 42% of the execution time of the testsuite (all the time being spent connecting to the FTP server).
I also remove the usage of the data provider as a data provider with a single dataset (and used only partially) only makes tests harder to read. and does not save any duplication.
Commits
-------
51147e3 Add a group for tests of the finder against the FTP server
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8][WebProfilerBundle] Fix search button click listener
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This fixes an issue when clicking the sidebar "Search" button **text** instead of the **button**. Then the click event target/srcElement is the *span* child-element, instead of the listening *a* element, which causes errors in the listener, since it expects the listening element. In consequence of that the search form isn't shown.
To fix this, the same technique is used, as for the navigation tabs. Traversing the DOM up to the expected *a* element.
Commits
-------
f9ddddb [WebProfilerBundle] Fix search button click listener
This PR was merged into the 2.8 branch.
Discussion
----------
Abstract voter tweaks
| Q | A
| ------------- | ---
| Bug fix? | yes (a little)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Based on suggestions from stof in #15870, this simplifies the BC and deprecation throwing code. This also adds a BadMethodCallException in case the user doesn't override `isGranted` *or* `voteOnAttribute`, because that's just plain wrong (as is calling `isGranted()` on the parent class directly, since that was formerly abstract).
Commits
-------
c03f5c2 Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in #15870
This PR was merged into the 2.8 branch.
Discussion
----------
Making GuardTokenInterface extend TokenInterface
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15884
| License | MIT
| Doc PR | n/a
See #15884
Commits
-------
7f04fbb Making GuardTokenInterface extend TokenInterface
This PR was merged into the 2.8 branch.
Discussion
----------
[Validator] Add Hungarian translation for the BIC constraint
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
f26425b [Validator] Add Hungarian translation for the BIC constraint
This PR was merged into the 2.8 branch.
Discussion
----------
Guard minor tweaks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Various completely minor things, most from suggestions on #14673
Commits
-------
869d5a7 tweaking message related to configuration edge case that we want to be helpful with
da4758a Minor tweaks - lowering the required security-http requirement and nulling out a test field
This PR was merged into the 2.3 branch.
Discussion
----------
Forbid serializing a Crawler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Unserializing a Crawler instance creates DOM elements in an invalid state, making the Crawler unusable.
While working on #15849, I figured out that DomCrawler actually inherits ``Serializable`` from its ``SplObjectStorage`` parent, and so I tried to serialize and unserialize one. The answer is that it does not work. This is what happens when trying to call ``parents`` on it for instance:
```
Symfony\Component\DomCrawler\Crawler::parents(): Invalid State Error
```
Commits
-------
12733cb Forbid serializing a Crawler