This PR was merged into the 2.7 branch.
Discussion
----------
[WebProfilerBundle] Normalize whitespace in exceptions passed in headers
| Q | A
| ------------- | ---
| Branch? | 2.7 upwards
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22072
| License | MIT
If an exception was thrown with line separators in its message the WebProfiler would cause an exception by passing it through unsanitized into the X-Debug-Error HTTP header. This commit fixes that by replacing all whitespace sequences with a single space in the header.
Commits
-------
d64679014b [WebProfilerBundle] Normalize whitespace in exceptions passed in headers
If an exception was thrown with line separators in its message the
WebProfiler would cause an exception by passing it through unsanitized
into the X-Debug-Error HTTP header. This commit fixes that by replacing
all whitespace sequences with a single space in the header.
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Fix test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Should make 2.7 green again on Travis.
Commits
-------
ba8f46ad23 [HttpKernel] Fix test
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] Escape exception messages in renderException
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22021
| License | MIT
| Doc PR | n/a
Adding style on exception messages should be prevented, it leads to weird results.
> Allowing formatting in them would be a nightmare, given that Symfony itself applies some formatting when rendering the exception.
Commits
-------
cb1348231a [Console] Escape exception messages
This PR was merged into the 2.7 branch.
Discussion
----------
[Filesystem] normalize paths before making them relative
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22083
| License | MIT
| Doc PR |
Commits
-------
d50ffa1de7 normalize paths before making them relative
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation][DX] MockArraySessionStorage: phpdocs update
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Commits
-------
967f7a7add MockArraySessionStorage: updated phpdoc for $bags so that IDE autocompletion would work
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fixed roles serialization on token from user object
| Q | A |
| --- | --- |
| Branch? | 2.7 |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #14274 |
| License | MIT |
| Doc PR | - |
This PR fixes the serialization of tokens when using `Role` objects provided from the user. Indeed, there were actually a reference issue that can causes fatal errors like the following one:
```
FatalErrorException in RoleHierarchy.php line 43:
Error: Call to a member function getRole() on string
```
Here is a small code example to reproduce and its output:
``` php
$user = new Symfony\Component\Security\Core\User\User('name', 'password', [
new Symfony\Component\Security\Core\Role\Role('name')
]);
$token = new Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken($user, 'password', 'providerKey', $user->getRoles());
$serialized = serialize($token);
$unserialized = unserialize($serialized);
var_dump($unserialized->getRoles());
```
Before:
```
array(1) { [0]=> bool(true) }
```
After:
```
array(1) { [0]=> object(Symfony\Component\Security\Core\Role\Role)#15 (1) {["role":"Symfony\Component\Security\Core\Role\Role":private]=> string(4) "name" } }
```
Thank you
Commits
-------
dfa7f5020e [Security] Fixed roles serialization on token from user object
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] simplify the SwitchUserListenerTest
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
While working on #22048 I noticed that the `SwitchUserListenerTest` was more complicated than necessary by mocking a lot of stuff that didn't need to be mocked.
Commits
-------
923bbdbf9f [Security] simplify the SwitchUserListenerTest
This PR was squashed before being merged into the 2.7 branch (closes#21968).
Discussion
----------
Fixed pathinfo calculation for requests starting with a question mark.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21967
| License | MIT
| Doc PR |
With improper `strpos` result check calculated pathinfo for requests starting with '?' equals to request itself.
Correct pathinfo for those requests should be '/'.
Commits
-------
43297b45de Fixed pathinfo calculation for requests starting with a question mark.
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Fix Request::getHost() when having several hosts in X_FORWARDED_HOST
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The first "host" in the list provided by `X_FORWARDED_HOST` should be the one, not the last.
Already the case for "port" and "scheme".
Commits
-------
9a2b2de64f [HttpFoundation] Fix Request::getHost() when having several hosts in X_FORWARDED_HOST
This PR was squashed before being merged into the 2.7 branch (closes#22099).
Discussion
----------
HttpCache: New test for revalidating responses with an expired TTL
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
See #22035, in particular [this and the following comments](https://github.com/symfony/symfony/pull/22035#issuecomment-287572234).
Commits
-------
067ab52ba0 HttpCache: New test for revalidating responses with an expired TTL
This PR was merged into the 2.7 branch.
Discussion
----------
[Serializer] [XML] Ignore Process Instruction
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22005
| License | MIT
| Doc PR | N/A
This Pull request ignores Process instruction data in XML for decoding the data.
Commits
-------
0c741f5704 [Serializer] [XML] Ignore Process Instruction
This PR was merged into the 2.7 branch.
Discussion
----------
fix some risky tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
PHPUnit 6 marks tests as risky when they have no assertions (and are not marked as skipped or incomplete). This PR will update our test suite accordingly.
Component that still need to be covered:
- [ ] Config
- [ ] Form
- [ ] HttpFoundation
- [ ] Security
- [ ] Workflow
Commits
-------
abf1787dcc fix some risky tests
This PR was squashed before being merged into the 2.7 branch (closes#22012).
Discussion
----------
[DI] [YamlFileLoader] change error message of a non existing file
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22007
| License | MIT
| Doc PR | symfony/symfony-docs
This PR replaces the error message when non existing Yaml file is loaded. It gives more sense for the user.
Commits
-------
1c2ea97585 [DI] [YamlFileLoader] change error message of a non existing file
This PR was squashed before being merged into the 2.7 branch (closes#21523).
Discussion
----------
#20411 fix Yaml parsing for very long quoted strings
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20411
| License | MIT
| Doc PR | no
This is a second fix for the issue discussed in #20411. My first PR (#21279) didn't fix the bug in all cases, sorry.
If a YAML string has too many spaces in the value, it can trigger a `PREG_BACKTRACK_LIMIT_ERROR` error in the Yaml parser.
There should be no behavioural change other than the bug fix
I have included a test which fails before this fix and passes after this fix.
I have also added checks that detect other PCRE internal errors and throw a more descriptive exception. Before this patch, the YAML engine would often give incorrect results, rather than throwing, on a PCRE `PREG_BACKTRACK_LIMIT_ERROR` error.
Commits
-------
c9a1c09182#20411 fix Yaml parsing for very long quoted strings
This PR was merged into the 2.7 branch.
Discussion
----------
[Doctrine Bridge] fix priority for doctrine event listeners
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21977
| License | MIT
| Doc PR | -
This fixes handling the priorities for doctrine event listeners. As found out by @chapterjason in https://github.com/symfony/symfony/issues/21977 the priority was incorrectly handled as soon as a listener had more than one tag (so listening to multiple events).
With this changes all tagged listeners are globally sorted by priority (using the same stable sort approach as in the later available `PriorityTaggedServiceTrait`) and then added one by one to the event manager.
I also updated the tests a bit as it was not covering all cases.
We also have to extend the docs for it I think as it does not mention the `priority` and `lazy` option at all? http://symfony.com/doc/current/doctrine/event_listeners_subscribers.html
Commits
-------
9d9d4efb88 [Doctrine Bridge] fix priority for doctrine event listeners
This PR was merged into the 2.7 branch.
Discussion
----------
Use PHP functions as array_map callbacks when possible
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
We already do that in 99% of the cases ... but there were 3 occurrences where we didn't do it.
Commits
-------
405bd4cc81 Use PHP functions as array_map callbacks when possible
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] Use proper line endings in BufferedOutput
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
`BufferOutput` should be consistent with `StreamOutput` when writing newlines.
I faced an issue using this class in tests where the expected output was platform dependent (using `PHP_EOL` too).
Commits
-------
33946e69c0 Use proper line endings
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Fix cleaning of test dirs
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I spent an hour or two today debugging a non existent issue that was related to a non removed temporary file.
Let's cleanup properly now in the base WebTestCase.
Commits
-------
4842c86 [FrameworkBundle] Fix cleaning of test dirs
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] context listener: hardening user provider handling
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #4498
| License | MIT
| Doc PR |
After the wrong fix in #21791 this is the second attempt to solve #4498. If more than one user provider support the user for the current context, all of them will be applied instead of returning prematurely when the first user provider does not find the logged in user.
Commits
-------
0fb09293fd context listener: hardening user provider handling
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] fix Kernel name when stored in a directory starting with a number
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20489
| License | MIT
| Doc PR | -
replaces #20750
Commits
-------
f244eb8414 [HttpKernel] fixed Kernel name when stored in a directory starting with a number
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fixed typo in a test after #21877
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Reviewing the diff on GitHub, I realized I've missed some typos in a new test of #21877. Sorry!
Commits
-------
b21a0978de [Form] Fixed typo in a test after #21877
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Hardened form type tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
This one the PRs to come targeting 2.7 needed to harden the code base before doing some changes in master.
It takes care of the form types tests part (even if some other tests will be added later, it will also be easier after it), and unlocks merging https://github.com/symfony/symfony/pull/21481.
It also back ports tests added in https://github.com/symfony/symfony/pull/18357 for the TextType.
Since it's very hard to merge branches when modifying tests because of BC, and making every test type extend the base type test would involve many function calls to get the tested type, the function `getTestedType` is no longer abstract and return a constant to override instead, it's much better for performance, I didn't change the call in the base type test to keep BC but I suggest to deprecate it in master. Even if those are tests I really think it is worth keeping BC here.
The constants also ease testing in the ecosystem of form related libraries that need to be compatible with Symfony 2.7 and 3. I think using "test" as both prefix and suffix on namespaces, classes and names of the constants should discourage using them in real application code. Since this is just about our test suite, I don't think this should be considered a feature, so tis change should be good for 2.7.
Two other PRs will follow to solve conflicts in 2.8 and 3.2.
I missed last month patches, I hope I won't this time :).
Commits
-------
8cfc3e92ed [Form] Hardened form type tests
This PR was squashed before being merged into the 2.7 branch (closes#21671).
Discussion
----------
[Serializer] Xml encoder throws exception for valid data
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21617
| License | MIT
| Doc PR | None
#21617 Xml encoder throws exception for valid data
- add tests for bool and object encoding
- fix encoding for object in array and field
Commits
-------
5c2d4c671e [Serializer] Xml encoder throws exception for valid data
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] fix Composer constraint
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `MAX_USERNAME_LENGTH` constant introduced by #18733 that is used in the `UsernamePasswordFormAuthenticationListener` was first part of Symfony 2.7.13 and 2.8.6.
Commits
-------
69a572d [Security] fix Composer constraint
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] fix test class location
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Keeping the test file in the old location means that it is not available in the `symfony/security-http` subtree split.
Commits
-------
1ed0092 fix test class location
This PR was merged into the 2.7 branch.
Discussion
----------
[Routing] Ignore hidden directories when loading routes from annotations
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21497
| License | MIT
| Doc PR | -
The problem surfaced after implementing #18869. Therefore it doesn't exist on 2.7, but I'd still merge it there to avoid conflicts when merging between branches. Without this fix, the oldest branch the added test will fail is 3.2.
Commits
-------
ce9df0237c [Routing] Ignore hidden directories when loading routes from annotations
This PR was squashed before being merged into the 2.7 branch (closes#21267).
Discussion
----------
[Form] Fix ChoiceType to ensure submitted data is not nested unnecessarily
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fixed ChoiceType to protect against some problem caused by treating of array.
Let's say we have the choice-form like:
```php
$form = $factory->create(ChoiceType, null, [
'choices' => [
'A',
'B',
'C',
],
'expanded' => true,
'multiple' => true,
]);
```
Then, submit data like this:
```php
$form->submit([
[], // unnecessality nested
]);
```
(Yes, I agree in most cases these situation doesn't happen, but can be)
Then, we get `array_flip(): Can only flip STRING and INTEGER values!` error at [here](6babdb3296/src/Symfony/Component/Form/Extension/Core/Type/ChoiceType.php (L114)).
Even if form is not `multiple`, annoying `Array to string conversion` error occurs in [here](6babdb3296/src/Symfony/Component/Form/ChoiceList/ArrayChoiceList.php (L144)) (via [ChoicesToValuesTransformer](5129c4cf7e/src/Symfony/Component/Form/Extension/Core/DataTransformer/ChoicesToValuesTransformer.php (L74))).
(As far as I know, non-multiple and non-expanded form has no problem, thanks to [ChoiceToValueTransformer](6babdb3296/src/Symfony/Component/Form/Extension/Core/DataTransformer/ChoiceToValueTransformer.php (L43)))
To resolve these problems, I just added a simple-validation listener to choice type.
Commits
-------
64d7a82d28 [Form] Fix ChoiceType to ensure submitted data is not nested unnecessarily
This PR was merged into the 2.7 branch.
Discussion
----------
[Yaml] add tests for specific mapping keys
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | see https://github.com/symfony/symfony/pull/21643#discussion_r101703130
| License | MIT
| Doc PR |
Commits
-------
b8e0d705f6 [Yaml] add tests for specific mapping keys
This PR was merged into the 2.7 branch.
Discussion
----------
Fix emacs link
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes (minor)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
When an Emacs buffer is modified, by default Emacs automatically creates a
temporary symlink in the same directory as the file being edited (e.g. Controller.php):
```
.#Controller.php -> user@host.12345:1296583136
```
where '12345' is [the Emacs' PID][1].
In this case Symfony breaks with a RuntimeException:
```
SplFileInfo::getMTime(): stat failed for ...Bundle/Controller/.#APIController.php
```
in
vendor/symfony/symfony/src/Symfony/Component/Config/Resource/DirectoryResource.php
at line 89
```
$newestMTime = max($file->getMTime(), $newestMTime);
```
[1]: https://www.gnu.org/software/emacs/manual/html_node/emacs/Interlocking.html
Commits
-------
c6f7ca6fa1 Fix RuntimeException when an Emacs buffer is modified
This PR was merged into the 2.7 branch.
Discussion
----------
[Serializer] Reduce nesting in YamlFileLoader
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
We don't need to check if $this->classes is empty, because isset takes care of it in next call anyway
Diffs on GH are hard to read for this type of change, here is old and new code:
```php
public function loadClassMetadata(ClassMetadataInterface $classMetadata)
{
if (null === $this->classes) {
$this->classes = $this->getClassesFromYaml();
}
if (!$this->classes) {
return false;
}
if (isset($this->classes[$classMetadata->getName()])) {
$yaml = $this->classes[$classMetadata->getName()];
if (isset($yaml['attributes']) && is_array($yaml['attributes'])) {
...
}
return true;
}
return false;
}
```
```php
public function loadClassMetadata(ClassMetadataInterface $classMetadata)
{
if (null === $this->classes) {
$this->classes = $this->getClassesFromYaml();
}
if (!isset($this->classes[$classMetadata->getName()])) {
return false;
}
$yaml = $this->classes[$classMetadata->getName()];
if (isset($yaml['attributes']) && is_array($yaml['attributes'])) {
...
}
return true;
}
```
Commits
-------
45f0b16 [Serializer] Reduce nesting in YamlFileLoader
When an Emacs buffer is modified, by default Emacs automatically creates a
temporary symlink in the same directory as the file being edited (e.g. Controller.php):
```
.#Controller.php -> user@host.12345:1296583136
```
where '12345' is Emacs' PID.
In this case Symfony breaks with a RuntimeException:
```
SplFileInfo::getMTime(): stat failed for ...Bundle/Controller/.#APIController.php
```
in
vendor/symfony/symfony/src/Symfony/Component/Config/Resource/DirectoryResource.php
at line 89
```
$newestMTime = max($file->getMTime(), $newestMTime);
```
This PR was merged into the 2.7 branch.
Discussion
----------
[SecurityBundle] only pass relevant user provider
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #4498, #12465, #20401, #21737
| License | MIT
| Doc PR |
There is no need for the context listener to be aware of all the configured user providers. It must only use the provider for the current firewall (the one identified by the context key passed to the constructor) to refresh the user from the session.
Commits
-------
d97e07fd6a [SecurityBundle] only pass relevant user provider
This PR was squashed before being merged into the 2.7 branch (closes#21790).
Discussion
----------
[Intl] Update ICU data to 58.2
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
ICU 58.2 was released: http://site.icu-project.org/download/58
Commits
-------
d135e5cd2f [Intl] Make tests pass after the ICU data update
65faa1043d [Intl] Update ICU data to 58.2