This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Improve performance of ControllerNameParser
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Today I was searching for bottlenecks in my application using Blackfire. And among other things I found one in Symfony. Blackfire showed that `Symfony\Bundle\FrameworkBundle\Controller\ControllerNameParser::findAlternative()` was called almost 300 times which took 28 miliseconds.
It turns out that `Symfony\Bundle\FrameworkBundle\Routing\DelegatingLoader::load()` is calling `ControllerNameParser::parse()` without actually needing to do so because `$controller` is in the class::method notation already. `ControllerNameParser` threw an exception, DelegatingLoader caught and ignored it - that's ok. The problem is that generating the exception message took a lot of time because findAlternative is slow. In my case it called the levenshtein function over 5000 times which was completely useless because the exception is ignored anyway.
Commits
-------
cf333f3 [FrameworkBundle] Improve performance of ControllerNameParser
This PR was merged into the 2.7 branch.
Discussion
----------
[SecurityBundle] Fix complete config tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fixes a little bug in `*CompleteConfigurationTest`: if a test fails for one format, subsequent tests for other formats will also fail. This is because subsequent tests actually use the container built from the very first tested config, which is PHP if all tests are ran.
This can be reproduced by changing a value in the PHP config fixtures. `PhpCompleteConfigurationTest` will fail as expected but `XmlCompleteConfigurationTest` and `YamlCompleteConfigurationTest` will fail too, which is not expected.
Commits
-------
b25c1d3 Fix complete config tests
This PR was merged into the 2.7 branch.
Discussion
----------
Enhance GAE compat by removing some realpath()
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20241
| License | MIT
| Doc PR | -
The remaining ones are in test folders, or in things that don't run/have to run on GAE directly (e.g. commands).
Commits
-------
f2f232d Enhance GAE compat by removing some realpath()
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Convert null prefix to an empty string in translation:update
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20044
| License | MIT
| Doc PR | n/a
This command needs the ability to use an empty string as prefix, which is not possible using `bin/console translation:update --prefix=""` because `$argv` doesn't parse empty strings thus the value is converted to `null` by `ArgvInput` (only since #19946, before the option was not considered to be set, giving the default `'__'` thus this should be fine from a BC pov).
Here I propose to explicitly convert the `prefix` value to an empty string if set to `null`, as it is a very specific need and we can't guess that from `ArgvInput`.
An other way to fix it could be to add a `--no-prefix` option to the command but I don't think it is worth it, and it couldn't be treated as a bug fix thus not fixed before `3.2`.
Commits
-------
f02b687 [FrameworkBundle] Convert null prefix to an empty string in translation:update command
This PR was merged into the 2.7 branch.
Discussion
----------
[Yaml][TwigBridge] Use JSON_UNESCAPED_SLASHES for lint commands output
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Slashes are escaped when sing the `lint:twig` and `lint:yaml` commands with the `format` option set to `json`, giving such results:
```json
[
{
"file": "yaml\/wrong\/1.yml",
"valid": false,
"message": "Unable to parse at line 1 (near \";:cc`\")."
}
]
```
That's not convenient as file paths may be reused (e.g. copy-pasted).
Results stay fine as error messages are already escaped:
```json
[
{
"file": "yaml/wrong/1.yml",
"valid": false,
"message": "Unable to parse at line 1 (near \";:cc`\")."
}
]
```
Commits
-------
0427594 Use JSON_UNESCAPED_SLASHES for lint commands output
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Check for class existence before is_subclass_of
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Same as #19342
Commits
-------
8a9e0f5 [FrameworkBundle] Check for class existence before is_subclass_of
This commit fix a bug when using debug function too soon.
For example, if you call dump function during kernel::boot() the
dump output will be sent to stderr, even in a web context.
With this patch, the data collector is used by default, so the
dump output is send to the WDT. In a CLI context, if dump is used
too soon, the datacollector will buffer it, and release it at the
end of the script. So in this case everything will be visible by the
end used.
This PR was squashed before being merged into the 2.7 branch (closes#19373).
Discussion
----------
[Form] Skip CSRF validation on form when POST max size is exceeded
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19140
| License | MIT
| Doc PR | N/A
In #19140 the CSRF validation listener was not aware that the POST max size had exceeded, and was adding a form error message that wasn't relevant to the actual error.
This introduces the `ServerParams` utility class into the `CsrfValidationListener` and checks that the POST max size has not been exceeded. If it has then it won't bother trying to validate the CSRF token.
My main concern with this change is that it opens up an attack vector around tokens, but I've encapsulated the request size validation in a single method in `ServerParams` now so that the request handlers are using the same logic.
Commits
-------
289531f [Form] Skip CSRF validation on form when POST max size is exceeded
This PR was squashed before being merged into the 2.7 branch (closes#19405).
Discussion
----------
Fixed bugs in names of classes and methods.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
It's related to case sensitive.
I changed only calls of names of called methods but not definition of methods because BC.
Commits
-------
c41aa03 Fixed bugs in names of classes and methods.
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
This PR was squashed before being merged into the 2.7 branch (closes#18971).
Discussion
----------
Do not inject web debug toolbar on attachments
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18965
| License | MIT
| Doc PR | -
Commits
-------
4a7d836 Do not inject web debug toolbar on attachments
* 2.3:
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
This PR was merged into the 2.7 branch.
Discussion
----------
Use levenshtein level for better Bundle matching
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
_I've targetted 2.7 branch since this was introduced in the 2.6 version but the 2.6 isn't maintain anymore._
**TL;DR:** I found unused code in bad bundle exception when Symfony try to find the best bundle to fix the typo. Should we remove that code (and got a potential lower matching bundle name) or keep it and make it work?
-----
I've noticed that a part of the code wasn't used when determining which bundle typo was written on _bad bundle exception_, from https://github.com/symfony/symfony/pull/11210.
```php
$alternative = null;
$shortest = null;
foreach ($bundleNames as $bundleName) {
// if there's a partial match, return it immediately
if (false !== strpos($bundleName, $nonExistentBundleName)) {
return $bundleName;
}
$lev = levenshtein($nonExistentBundleName, $bundleName);
if ($lev <= strlen($nonExistentBundleName) / 3 && ($alternative === null || $lev < $shortest)) {
$alternative = $bundleName;
}
}
```
In this snippet, the `$shortest` wasn't update in the `foreach`. Reading the code, I guess it was supposed to add an even better accuracy when multiple bundle matche the typo'd bundle name.
Which mean when an alternative is found, we have to assign the level `$lev` from that match to `$shortest`.
```php
if ($lev <= strlen($nonExistentBundleName) / 3 && ($alternative === null || $lev < $shortest)) {
$alternative = $bundleName;
$shortest = $lev;
}
```
Let say you have these bundles: `FoooooBundle` and `FooBundle` and you request the bundle `FoodBundle`.
- Without `$shortest` updated, you'll got a suggestion with `FoooooBundle` (first matching bundle found)
- With `$shortest` upadted, you'll got a suggestion with `FooBundle` (because it has a better level than `FoooooBundle`)
This isn't a _bug fix_ since this is only supposed to help developper but not the final user.
**Question is**: should we keep that level comparison or just remove it?
Commits
-------
ac7f74e Use levenshtein level for better Bundle matching
* 2.3:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
call get() after the container was compiled
Fixed readme of OptionsResolver
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Remove misleading comment
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This is not true for service_container anymore.
Commits
-------
9f2f858 [FrameworkBundle] Remove misleading comment
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7][WebProfilerBunde] Give an absolute url in case the request occured from another domain
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This is related to #18413:
Using two symfony application ProjectA and MicroServiceB, if ProjectA issues XHR to MicroServiceB and both have the WebProfilerBundle enabled, then Ajax requests will be monitored in ProjectA. But - at the moment - it will try to look for profiles under ProjectA domain whereas data are stored on MicroServiceB domain.
This PR fixes this issue
Commits
-------
1a5d4ad [WebProfilerBunde] Give an absolute url in case the request occured from another domain
* 2.3:
Detect CLI color support for Windows 10 build 10586
[EventDispatcher] Try first if the event is Stopped
[FrameworkBundle] fixes grammar in container:debug command manual.
Conflicts:
src/Symfony/Component/EventDispatcher/EventDispatcher.php
src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php
* 2.3:
[Validator] use correct term for a property in docblock (not "option")
[PropertyAccess] Remove most ref mismatches to improve perf
[Validator] EmailValidator cannot extract hostname if email contains multiple @ symbols
[NumberFormatter] Fix invalid numeric literal on PHP 7
Use XML_ELEMENT_NODE in nodeType check
[PropertyAccess] Reduce overhead of UnexpectedTypeException tracking
[PropertyAccess] Throw an UnexpectedTypeException when the type do not match
[FrameworkBundle] Add tests for the Controller class
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/Controller/ControllerTest.php
src/Symfony/Component/Intl/NumberFormatter/NumberFormatter.php
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/PropertyAccess/PropertyAccessorInterface.php
src/Symfony/Component/PropertyAccess/PropertyPath.php
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorTest.php
src/Symfony/Component/Validator/Constraints/EmailValidator.php
* 2.3:
Improved the PHPdoc of FileSystem::copy()
[Validator] Test DNS Email constraints using checkdnsrr() mock
[travis] Run real php subprocesses on hhvm for Process component tests
bug #18161 [Translation] Add support for fuzzy tags in PoFileLoader
[Form] Fix NumberToLocalizedStringTransformer::reverseTransform with big integers
[Form] Fix INT64 cast to float in IntegerType.
[SecurityBundle][PHPDoc] Added method doumentation for SecurityFactoryInterface
FrameworkBundle: Client: getContainer(): fixed phpdoc
[Validator] Updating inaccurate docblock comment
Conflicts:
.travis.yml
src/Symfony/Component/Validator/Tests/Constraints/EmailValidatorTest.php
* 2.3:
[HttpFoundation] Fix transient test
[HttpFoundation] Add a dependency on the mbstring polyfill
add readme files where missing
Don't use reflections when possible
[Form] Update form tests after the ICU data update
[Intl] Update tests and the number formatter to match behaviour of the intl extension
[Intl] Update the ICU data to version 55
[Intl] Fix the update-data.php script in preparation for ICU 5.5
Use constant instead of function call.
fixed test name
automatically generate safe fallback filename
Conflicts:
src/Symfony/Component/Debug/Debug.php
src/Symfony/Component/HttpFoundation/composer.json
src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7] Don't use reflection when possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
See https://github.com/symfony/symfony/pull/18021
Commits
-------
35be501 Don't use reflections when possible
* 2.3:
Updated all the README files
[TwigBundle] Fix failing test on appveyor
[FrameworkBundle] Fix a regression in handling absolute and namespaced template paths
Allow to normalize \Traversable
Remove _path from query parameters when fragment is a subrequest and request attributes are already set Added tests for _path removal in FragmentListener
Simplified everything
Added a test
Fixed the problem in an easier way
Fixed a syntax issue
Improved the error message when a template is not found
[CodingStandards] Conformed to coding standards
[TwigBundle] fixed Include file locations in "Template could not be found" exception
This PR was merged into the 2.3 branch.
Discussion
----------
Improved the error message when a template is not found
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | #14806
| License | MIT
| Doc PR | -
### Before
### After
This seems to work in the browser ... but I can't make tests pass. Could anybody please help me? Thanks!
Commits
-------
0134d76 Simplified everything
19bfa2e Added a test
88b913b Fixed the problem in an easier way
35f082f Fixed a syntax issue
968476b Improved the error message when a template is not found
e9d951a [CodingStandards] Conformed to coding standards
d3fe07b [TwigBundle] fixed Include file locations in "Template could not be found" exception
This PR was squashed before being merged into the 2.7 branch (closes#17744).
Discussion
----------
Improve error reporting in router panel of web profiler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17342
| License | MIT
| Doc PR | -
### Problem
If you define a route condition like this:
```yaml
app:
resource: '@AppBundle/Controller/'
type: annotation
condition: "request.server.get('HTTP_HOST') matches '/.*\.dev/'"
```
When browsing the Routing panel in the web profiler, you see an exception:
#### Why?
Because the route condition uses the `request` object, but the special `TraceableUrlMatcher` class doesn't get access to the real `request` object but to the special object obtained via:
```php
$request = $profile->getCollector('request');
```
These are the contents of this pseudo-request:
`request.server.get(...)` condition fails because `request.server` is `null`. The full exception message shows this:
### Solution
I propose to catch all exceptions in `TraceableUrlMatcher` and display an error message with some details of the exception:
Commits
-------
1001554 Improve error reporting in router panel of web profiler
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] Fix a regression in handling absolute template paths
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17777#17683
| License | MIT
| Doc PR | -
Regression introduced by #15272.
Commits
-------
d8c493f [FrameworkBundle] Fix a regression in handling absolute and namespaced template paths
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Test that ObjectNormalizer is registered
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
129b140 [FrameworkBundle] Test that ObjectNormalizer is registered
* 2.3:
#17676 - making the proxy instantiation compatible with ProxyManager 2.x by detecting proxy features
Fix bug when using an private aliased factory service
ChoiceFormField of type "select" could be "disabled"
Update contributing docs
[Console] Fix escaping of trailing backslashes
Fix constraint validator alias being required
[ci] clone with depth=1 to kill push-forced PRs
Add check on If-Range header
This PR was merged into the 2.7 branch.
Discussion
----------
Update twig.html.twig
| Q | A
| ------------- | ---
| Bug fix? | [no]
| New feature? | [yes]
| BC breaks? | [no]
| Deprecations? | [no]
| Tests pass? | [yes]
| Fixed tickets |
| License | MIT
| Doc PR |
Replace base64 template icon with svg version. If you set the Content-Security-Policy you would need to provide "img-src 'self' data:;" just for that icon (or get an error in the console). This should be fixed in the new version of the toolbar but it would be nice to have a fix for 2.7 LTS too.
Commits
-------
d29f04c Update twig.html.twig
Replace base64 template icon with svg version. If you set the Content-Security-Policy you would need to provide "img-src 'self' data:;" just for that icon (or get an error in the console). This should be fixed in the new version of the toolbar but it would be nice to have a fix for 2.7 LTS too.
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] read commands from bundles when accessing list
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This allows access to the list of commands registered by the kernel (bundle and later service ids) programmatically when you do not `run` the application.
Commits
-------
0fe3088 register commands from kernel when accessing list
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fix choice placeholder edge cases
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fixing several problems with choice placeholder that enhances #9030 for more edge cases:
- A choice with an empty value manually added in the choices array should only be considered a placeholder when it is the first element in the final choice select.
This is part of the HTML spec and how browsers also behave. If you select a choice with an empty value that is not the first option, it will still pass the "required" check
and thus submit the empty value. So it's not a placeholder.
If in the example below you move the empty option to the first place, the browsers will error on submit that you
must select a value. So only then it is a placeholder to show as initial value.
```html
<select id="form_timezone" name="form[timezone]" required="required">
<option value="Africa/Abidjan">Abidjan</option>
<option value="">Empty</option>
</select>
```
Also the validator https://validator.w3.org/nu/ will mark the above code as error:
> The first child option element of a select element with a required attribute, and without a multiple attribute, and without a size attribute whose value is greater than 1, must have either an empty value attribute, or must have no text content. Consider either adding a placeholder option label, or adding a size attribute with a value equal to the number of option elements.
This is fixed by replacing`0 !== count($choiceList->getChoicesForValues(array('')))` with `$view->vars['placeholder_in_choices'] = $choiceListView->hasPlaceholder()`.
Which means, the required attribute is removed automatically because the select form element is required implicitly anyway due to the nature of the choice UI.
- As the above quote mentions, the `size` attribute also has impact. Namely for a select with size > 1 it can be possible to have a required attribute even without placeholder.
This is because when the size > 1, there is no default choice selected (similar to select with "multiple").
- A placeholder for required radio buttons or a select with size > 1 does not make sense as it would just be fake data that can be submitted (similar to the ignored placeholder for multi-select and checkboxes).
Commits
-------
0efbc30 [Form] fix edge cases with choice placeholder
* 2.3:
remove unnecessary retrieval and setting of data
avoid (string) catchable fatal error for __PHP_Incomplete_Class instances
sendContent return as parent.
[FrameworkBundle] Fix a typo
* 2.3:
[travis] Add some comments
changed operator from and to &&
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget_collapsed.html.php
* 2.3:
fix container cache key generation
[Translation] Add resources from fallback locale
[DependencyInjection] enforce tags to have a name
[YAML] Refine the return value of Yaml::parse()
If the actual class name were not taken into, we would not be able to
detect inconsistencies between the different configuration formats (PHP,
YAML, and XML) as the container built based on the first evaluated
configuration format would be cached and reused by tests for the other
formats too.
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] remove default null value for asset version
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Setting `null` as the version of a package means that it uses the empty
version strategy. However, omitting the `version` option entirely was
meant to fall back to the default version strategy. This is not possible
when the default version value is `null` as there is no way to remove
it.
Commits
-------
25f735f remove default null value for asset version
