This PR was submitted for the 2.8 branch but it was merged into the 2.3 branch instead (closes#15355).
Discussion
----------
[Security] Do not save the target path in the session for a stateless firewall
| Q | A
| ------------- | ---
| Bug fix? | partially
| New feature? | partially
| BC breaks? | no
| Deprecations? | no
| Tests pass? | -
| Fixed tickets | -
| License | MIT
| Doc PR | -
Note: I think this PR can be merged into 2.3 because it's like a bug fix
Commits
-------
3358253 [Security] Do not save the target path in the session for a stateless firewall
This PR was submitted for the 2.8 branch but it was merged into the 2.7 branch instead (closes#15306).
Discussion
----------
[HttpKernel] [HttpCache] Fix deprecated error in HttpCache#getSurrogate
| Q | A
| ------------- | ---
| Bug fix? | yes? - I could not find an open issue, but it does appear to be a but to throw a `E_USER_DEPRECATED` when calling a non-depreciated method.
| New feature? | no
| BC breaks? | no
| Deprecations? | no - but related to
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Currently calls to `HttpCache#getEsi` correctly trigger a `E_USER_DEPRECATED` error and inform the user that they should instead use `HttpCache#getSurrogate`.
Unfortunately `HttpCache#getSurrogate` currently calls `$this->getEsi();` which will result in the `E_USER_DEPRECATED` still being triggered.
This pull request simply moves the logic that was previously in `getEsi` to `getSurrogate`, and leaves `getEsi` as a wrapper around `getSurrogate` with the addition of also triggering this warning.
This pull request also effects the 2.7 branch.
Commits
-------
32d964b Fix calls to HttpCache#getSurrogate triggering E_USER_DEPRECATED errors.
This PR was squashed before being merged into the 2.3 branch (closes#15172).
Discussion
----------
[DependencyInjection] fixed FrozenParameterBag and improved Parameter…
The ParameterBagInterface was missing some @throws annotations, so the FrozenParameterBag class was a violation of Liskov subtitution principle. Also the ParameterBagInterface was missing the remove method.
(Optionally the ParameterBagInterface can be later split into two smaller interfaces, because the FrozenParameterBag shouldn't have the add, remove methods in the first place.)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I have also fixed removing elements from FrozenParameterBag, as introduced by @satahippy
https://github.com/symfony/DependencyInjection/pull/8
Commits
-------
3ad0794 [DependencyInjection] fixed FrozenParameterBag and improved Parameter…
* 2.6:
[Yaml] throw a ParseException on invalid data type
#15331 add infos about deprecated classes to UPGRADE-3.0
[Security] removed useless else condition in SwitchUserListener class.
[travis] Tests deps=low with PHP 5.6
[Console] Fix console output with closed stdout
This PR was merged into the 2.3 branch.
Discussion
----------
[travis] Tests deps=low with PHP 5.6
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I noticed that testing deps=low with the lowest supported PHP skips some tests/features.
I propose to merge the 5.6 and deps=low lines of the test matrix in order to both fix this issue and remove one line in the matrix (thus making tests a bit lighter/faster on travis).
Commits
-------
d3874ec [travis] Tests deps=low with PHP 5.6
This PR was merged into the 2.3 branch.
Discussion
----------
#15331 add infos about deprecated classes to UPGRADE-3.0
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15331
| License | MIT
| Doc PR |
Commits
-------
e391446#15331 add infos about deprecated classes to UPGRADE-3.0
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBridge] type-dependent path discovery
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15340
| License | MIT
| Doc PR |
With the introduction of the `AbstractFileExtractor` in Symfony 2.7, the
`extract()` method in the `TwigExtractor` class does not necessarily
deal with `SplFileInfo` instances from the Finder component, but also
receives `\SplFileInfo` objects initialized by the base extractor class.
Commits
-------
1e15761 [TwigBridge] type-dependent path discovery
2bf78e5 Resources as string have the same problem
aa7cbbd Introduce failing test case when a SplFileInfo object is passed to the extract() method in the TwigExtractor.
This PR was submitted for the 2.8 branch but it was merged into the 2.6 branch instead (closes#15361).
Discussion
----------
[Yaml] throw a ParseException on invalid data type
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15234
| License | MIT
| Doc PR |
Without this check, PHP would trigger a warning when an array was passed
to `trim()`. The parser must throw a `ParseException` instance on a
malformed YAML string instead.
Commits
-------
adc6b30 [Yaml] throw a ParseException on invalid data type
Without this check, PHP would trigger a warning when an array was passed
to `trim()`. The parser must throw a `ParseException` instance on a
malformed YAML string instead.
With the introduction of the `AbstractFileExtractor` in Symfony 2.7, the
`extract()` method in the `TwigExtractor` class does not necessarily
deal with `SplFileInfo` instances from the Finder component, but also
receives `\SplFileInfo` objects initialized by the base extractor class.
This PR was merged into the 2.7 branch.
Discussion
----------
[Twig+FrameworkBundle] Fix forward compat with Form 2.8
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When these layouts are used with form 2.8, the readonly attribute is rendered twice. This has no practical consequence, but it breaks tests. This is the last fix required to make 2.7 green again.
Commits
-------
75dc464 [Twig+FrameworkBundle] Fix forward compat with Form 2.8
This PR was merged into the 2.7 branch.
Discussion
----------
[Serializer] Fix 2 bugs regarding private setters
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fix two bugs reported in b5990be491 (commitcomment-12301266)
1. Arguments set in the constructor was not properly removed from `$data`
2. `GetSetMethodNormalizer` was calling private setters, throwing an exception
cc @StanAngeloff
Commits
-------
65e9f26 [Serializer] Fix bugs reported in b5990be491 (commitcomment-12301266)
This PR was squashed before being merged into the 2.6 branch (closes#15317).
Discussion
----------
[2.6] Static Code Analysis for Components
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with Php Inspections (EA Extended):
- fixed couple potential issues when code is running in a phar-file
Commits
-------
37a2353 [2.6] Static Code Analysis for Components
This PR was merged into the 2.6 branch.
Discussion
----------
[Security/Http] Fix test relying on a private property
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I'm not 100% sure what was tested by this, but this test was using a private property (`AnonymousToken->key`), that has been renamed to `secret` in later Sf versions.
Commits
-------
2d29ac1 [Security/Http] Fix test relying on a private property
* 2.6:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.3:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.3 branch.
Discussion
----------
[travis] Fix deps=high/low jobs
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15230
| License | MIT
| Doc PR | -
Commits
-------
1c9b433 [travis] Fix deps=high jobs
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#15324).
Discussion
----------
[Form] updated exception message of ButtonBuilder::setRequestHandler()
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
b483ee2 [Form] updated exception message of ButtonBuilder::setRequestHandler()
* 2.6:
[HttpFoundation] Fix Response::closeOutputBuffers() for HHVM 3.3
bumped Symfony version to 2.6.11
updated VERSION for 2.6.10
updated CHANGELOG for 2.6.10
[PropertyAccess] setValue & isWritable loops must only stops on reference and object. References can also be arrays and if the loop stops the value is never set in the object. (Breaks since 2.6.5 commit e3e4695)
This PR was squashed before being merged into the 2.3 branch (closes#15249).
Discussion
----------
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet
* Allows to fix tests of https://github.com/symfony/psr-http-message-bridge with PHP 5.6.
* Ease the transition to PSR-7 (in PSR-7, almost everything is stream - #15186)
Maybe should I open it against 2.8 but it can be considered a bug fix at least for the part "returning a string as a resource".
Commits
-------
059964d [HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content