Skip to content
Permalink
Branch: master
Commits on Apr 16, 2019
  1. Merge branch '4.2'

    nicolas-grekas committed Apr 16, 2019
    * 4.2:
      Fix XSS issues in the form theme of the PHP templating engine
  2. Merge branch '3.4' into 4.2

    nicolas-grekas committed Apr 16, 2019
    * 3.4:
      Fix XSS issues in the form theme of the PHP templating engine
  3. security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in th…

    nicolas-grekas committed Apr 16, 2019
    …e form theme of the PHP templating engine (stof)
    
    This PR was merged into the 3.4 branch.
    
    Discussion
    ----------
    
    [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine
    
    Based on #88
    
    Commits
    -------
    
    ab4d05358c Fix XSS issues in the form theme of the PHP templating engine
  4. Merge branch '4.2'

    nicolas-grekas committed Apr 16, 2019
    * 4.2:
      Prevent destructors with side-effects from being unserialized
  5. Merge branch '3.4' into 4.2

    nicolas-grekas committed Apr 16, 2019
    * 3.4:
      Prevent destructors with side-effects from being unserialized
  6. security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors …

    nicolas-grekas committed Apr 16, 2019
    …with side-effects from being unserialized (nicolas-grekas)
    
    This PR was merged into the 3.4 branch.
    
    Discussion
    ----------
    
    [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized
    
    | Q             | A
    | ------------- | ---
    | Branch?       | 3.4
    | Bug fix?      | yes
    | New feature?  | no
    | BC breaks?    | no
    | Deprecations? | no
    | Tests pass?   | yes
    | Fixed tickets | -
    | License       | MIT
    | Doc PR        | -
    
    Reported for `FilesystemCommonTrait` at https://www.intigriti.com/company/submission/CfDJ8Pja6NZvkpNCmx5vVyiGSn7yW8c1j4H0-cnAhIk6fbstOMm028X-XD1kmSuQkGB2n0cRyyVrA2yAiLN_I0EVilaKVLSiSa0UXZJGfN1h85vmk5c2dBBpu619r1YQEIjcXA
    
    Commits
    -------
    
    4fb9752816 Prevent destructors with side-effects from being unserialized
Commits on Apr 15, 2019
  1. feature #30717 [Serializer] Use name converter when normalizing const…

    nicolas-grekas committed Apr 15, 2019
    …raint violation list (norkunas)
    
    This PR was merged into the 4.3-dev branch.
    
    Discussion
    ----------
    
    [Serializer] Use name converter when normalizing constraint violation list
    
    | Q             | A
    | ------------- | ---
    | Branch?       | master <!-- see below -->
    | Bug fix?      | no
    | New feature?  | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
    | BC breaks?    | no     <!-- see https://symfony.com/bc -->
    | Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
    | Tests pass?   | yes    <!-- please add some, will be required by reviewers -->
    | Fixed tickets | #...   <!-- #-prefixed issue number(s), if any -->
    | License       | MIT
    | Doc PR        | symfony/symfony-docs#... <!-- required for new features -->
    
    When using name converter with serializer and the default ConstraintViolationListNormalizer, returned propertyPaths was not converted to the same format.
    
    <!--
    Write a short README entry for your feature/bugfix here (replace this comment block.)
    This will help people understand your PR and can be used as a start of the Doc PR.
    Additionally:
     - Bug fixes must be submitted against the lowest branch where they apply
       (lowest branches are regularly merged to upper ones so they get the fixes too).
     - Features and deprecations must be submitted against the master branch.
    -->
    
    Commits
    -------
    
    dd93b707cc Use name converter when normalizing constraint violation list
Commits on Apr 14, 2019
Commits on Apr 12, 2019
  1. Merge branch '4.2'

    nicolas-grekas committed Apr 12, 2019
    * 4.2:
      [TwigBridge] fix tests
      [FrameworkBundle] Fix Controller deprecated when using composer --optimized
Commits on Apr 11, 2019
  1. bug #31073 #30998 Fix deprecated setCircularReferenceHandler call (dh…

    nicolas-grekas committed Apr 11, 2019
    …aarbrink)
    
    This PR was squashed before being merged into the 4.3-dev branch (closes #31073).
    
    Discussion
    ----------
    
    #30998 Fix deprecated setCircularReferenceHandler call
    
    | Q             | A
    | ------------- | ---
    | Branch?       | 4.2
    | Bug fix?      | yes
    | New feature?  | no
    | BC breaks?    | no
    | Deprecations? | no
    | Tests pass?   | yes
    | Fixed tickets | #30998
    | License       | MIT
    
    Instead of calling the `setCircularReferenceHandler()` method, it puts the handler in the default context.
    
    Commits
    -------
    
    3a680402ce #30998 Fix deprecated setCircularReferenceHandler call
Commits on Apr 8, 2019
Commits on Apr 7, 2019
  1. Merge branch '4.2'

    nicolas-grekas committed Apr 7, 2019
    * 4.2:
      fix translating file validation error message
      [Validator] Add missing Hungarian translations
      Improving deprecation message of the Twig templates directory src/Resources/views
      [3.4] [Validator] Add missing french validation translations.
      [Validator] Only traverse arrays that are cascaded into
      Handle case where no translations were found
      [Validator] Translate unique collection message to Hungarian
      fix tests
      Run test in separate process
      Use a class name that does not actually exist
      [Profiler] Fix dark theme elements color
      fix horizontal spacing of inlined Bootstrap forms
      [Translator] Warm up the translations cache in dev
      turn failed file uploads into form errors
  2. Merge branch '3.4' into 4.2

    nicolas-grekas committed Apr 7, 2019
    * 3.4:
      fix translating file validation error message
      [Validator] Add missing Hungarian translations
      [3.4] [Validator] Add missing french validation translations.
      [Validator] Only traverse arrays that are cascaded into
      Handle case where no translations were found
      [Validator] Translate unique collection message to Hungarian
      fix tests
      Run test in separate process
      Use a class name that does not actually exist
      fix horizontal spacing of inlined Bootstrap forms
      [Translator] Warm up the translations cache in dev
      turn failed file uploads into form errors
  3. feature #30887 [FrameworkBundle] fix search in debug autowiring (sez-…

    nicolas-grekas committed Apr 7, 2019
    …open)
    
    This PR was merged into the 4.3-dev branch.
    
    Discussion
    ----------
    
    [FrameworkBundle] fix search in debug autowiring
    
    | Q             | A
    | ------------- | ---
    | Branch?       | master
    | Bug fix?      | no
    | New feature?  | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
    | BC breaks?    | no     <!-- see https://symfony.com/bc -->
    | Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
    | Tests pass?   | yes    <!-- please add some, will be required by reviewers -->
    | Fixed tickets | #30493   <!-- #-prefixed issue number(s), if any -->
    | License       | MIT
    | Doc PR        |
    
    <!--
    Write a short README entry for your feature/bugfix here (replace this comment block.)
    This will help people understand your PR and can be used as a start of the Doc PR.
    Additionally:
     - Bug fixes must be submitted against the lowest branch where they apply
       (lowest branches are regularly merged to upper ones so they get the fixes too).
     - Features and deprecations must be submitted against the master branch.
    -->
    
    Taking #30522 and finishing it with @nicolas-grekas comments.
    Is the sentence ok ?
    
    Commits
    -------
    
    fec4beaffc fix debug:autowiringcommand
Commits on Apr 5, 2019
Commits on Apr 3, 2019
  1. feature #30674 [FrameworkBundle] change the way http clients are conf…

    nicolas-grekas committed Apr 3, 2019
    …igured by leveraging ScopingHttpClient (nicolas-grekas)
    
    This PR was merged into the 4.3-dev branch.
    
    Discussion
    ----------
    
    [FrameworkBundle] change the way http clients are configured by leveraging ScopingHttpClient
    
    | Q             | A
    | ------------- | ---
    | Branch?       | master
    | Bug fix?      | no
    | New feature?  | yes
    | BC breaks?    | no
    | Deprecations? | no
    | Tests pass?   | yes
    | Fixed tickets | -
    | License       | MIT
    | Doc PR        | -
    
    This PR allows configuring scoped HTTP clients ("scoped_clients" replaces the previous "clients" options):
    
    ```yaml
    framework:
      http_client:
        max_host_connections: 4
        default_options:
          # ...
        scoped_clients:
          github_client:
            base_uri: https://api.github.com
            headers:
              Authorization: token abc123
              # ...
    ```
    
    The base URI is turned into a scoping regular expression so that the token will be sent only when the `github_client` service is requesting the corresponding URLs.
    When the base URI is too restrictive, the `scope` option can be used explicitly to define the regexp that URLs must match before any other options are applied.
    
    ~All defined scopes are passed to a new `scoping_http_client` service, that can be used to hit endpoints with authentication pre-configured for several hosts. Its named autowiring alias is `HttpClientInterface $scopingClient` (this cannot be done with `http_client` as we want safe defaults, e.g. credentials should not be used implicitly when writing webhooks/crawlers.)~
    
    Commits
    -------
    
    f1a26b9aea [FrameworkBundle] change the way http clients are configured by leveraging ScopingHttpClient
Commits on Apr 2, 2019
Commits on Apr 1, 2019
  1. Merge branch '3.4' into 4.2

    nicolas-grekas committed Apr 1, 2019
    * 3.4:
      SCA: minor code tweaks
      [Intl] Update the ICU data to 64.1
      [Bridge][Twig] DebugCommand - fix escaping and filter
You can’t perform that action at this time.