symfony / symfony

This PR was merged into the 5.4 branch. Discussion ---------- [Security] Deprecate legacy signatures | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | no | Deprecations? | yes | Tickets | Ref #41613 | License | MIT | Doc PR | n/a Deprecates the left-over legacy constructor signatures in the Security system. Commits ------- bbc00c8 [Security] Deprecate legacy signatures

…rity factories (wouterj) This PR was merged into the 5.4 branch. Discussion ---------- [SecurityBundle] Create a smooth upgrade path for security factories | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | yes | Deprecations? | yes | Tickets | Ref #41613 (comment) | License | MIT | Doc PR | - This change allows removing `SecurityFactoryInterface` in Symfony 6. I've also changed the discrete ordering using "listener positions" to the much more common continuous ordering using priorities. I feel like priorities are much more self-explanatory. Commits ------- 7385fd5 [SecurityBundle] Create a smooth upgrade path for security factories

This PR was merged into the 5.4 branch. Discussion ---------- Invalid DKIM signature | Q | A | ------------- | --- | Branch? | 5.3 | Bug fix? | yes | New feature? | no | Deprecations? | no | License | MIT How to reproduce: ```php $email = (new Email()) ->from('admin@yourdomain.com') ->subject('text') ->text('text') ; $addresses = 'first@example.com,second@exmple.com' //could be command's or method's argument, that's why we used call_user_func_array below \call_user_func_array([$email, 'to'], explode(',', $addresses)); $email->getHeaders()->addTextHeader('X-Transport', $transport); $privateKeyFilePath = '/private.pem'; $filesystem = new Filesystem(); if ($filesystem->exists($privateKeyFilePath)) { $signer = new DkimSigner("file://$privateKeyFilePath", 'yourdomain.com', 'your-selector'); $email = $signer->sign($email, ['headers_to_ignore' => ['x-transport']]); //#39354 (comment) } $this->mailer->send($email); ``` How I tested body hash (bh): https://www.appmaildev.com/site/testfile/dkim?lang=en It shows expected body hash (`Expected-Body-Hash`) in DKIM section and received body hash (`bh=`) if fails. ![image](https://user-images.githubusercontent.com/6103208/128579511-ead9fde9-1492-4a6a-8953-2adb99eb251a.png) My solution is based on swiftmailer signer code and DKIM specifications (see links below). After applying patch it works correctly: ![image](https://user-images.githubusercontent.com/6103208/128579683-ba1599f4-956c-49f6-ba94-f69bb8979c8d.png) How swiftmailer signer adds trailing line return: ```php protected function endOfBody() { // Add trailing Line return if last line is non empty if (\strlen($this->bodyCanonLine) > 0) { $this->addToBodyHash("\r\n"); } $this->bodyHash = hash_final($this->bodyHashHandler, true); } ``` Swiftmailer signer works correctly with not empty body. From DKIM signature specifications: - simple canonicalization: https://datatracker.ietf.org/doc/html/rfc6376#section-3.4.3 `If there is no body or no trailing CRLF on the message body, a CRLF is added` - relaxed canonicalization: https://datatracker.ietf.org/doc/html/rfc6376#section-3.4.4 `If the body is non-empty but does not end with a CRLF, a CRLF is added` Other issues related to invalid DKIM signature: #39354, #41935, #42407. But is seems they have another problem, which is connected to templated emails. I have tested dkim signature manually (with gmail) with these cases: canonicalization: simple body: '' canonicalization: simple body: "\r\n" canonicalization: simple body: 'text' canonicalization: relaxed body: '' canonicalization: relaxed body: "\r\n" canonicalization: relaxed body: 'text' ![image](https://user-images.githubusercontent.com/6103208/128577659-1e765fe3-19f7-4ef2-bd59-22064e0d9b73.png) Commits ------- 0cb61f4 Add trailing Line return if last line is non empty

This PR was merged into the 5.4 branch. Discussion ---------- [Security] Deprecate `PassportInterface` | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | no | Deprecations? | yes | Tickets | - | License | MIT | Doc PR | - As explained in #42181, the right extension point is badges, not passports. Also renames `AuthenticatorInterface::createAuthenticatedToken()` to `createToken()` because of the signature change and the recent abandon of the `authenticated` state for tokens. Commits ------- a446030 [Security] Deprecate `PassportInterface`

…sponse` (thomas2411) This PR was squashed before being merged into the 5.4 branch. Discussion ---------- [HttpFoundation] Add `litespeed_finish_request` to `Response` | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | #42293 | License | MIT For now Litespeed has dropped support for `fastcgi_finish_request` function due to some problems: php/php-src@ccf051c so when Litespeed is being used on a server instead of Apache, then there is no possibility to use `fastcgi_finish_request` function as the alias for `litespeed_finish_request` is turned off. Commits ------- 5fb91a5 [HttpFoundation] Add `litespeed_finish_request` to `Response`

This PR was merged into the 5.4 branch. Discussion ---------- [HttpFoundation] Add `SessionFactoryInterface` | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | Fix #41443 | License | MIT | Doc PR | - Assuming `@jderusse`'s [solution](#41443 (comment)) in #41443 is the best way to add custom session bags by a 3rd party bundle, there should really be a `SessionFactoryInterface` to make decorating the `SessionFactory` easier. Commits ------- 2079eb5 add SessionFactoryInterface

This PR was merged into the 5.4 branch. Discussion ---------- [Finder] Add type to Finder iterator | Q | A | ------------- | --- | Bug fix? |no | New feature? | yes  | Deprecations? | no  | License | MIT This improves static analysis so consumers code can know that iterating over `Finder` returns `SplFileInfo` and not `mixed` Commits ------- 1463c1f Add type to Finder iterator

…mat() (derrabus) This PR was merged into the 5.4 branch. Discussion ---------- [Console] Add return type to OutputFormatterInterface::format() | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | N/A | License | MIT | Doc PR | N/A Spotted while working on #42381. If we look at how `OutputFormatterInterface::format()` is used in the codebase, we can see that an implementation of that method is supposed to return something. Yet the interface does not declare a return value and the `NullOutputFormatter` implementation even has a `void` return type which does not make sense at all, imho. This PR attempts to fix that. Commits ------- d75f5e6 Add return type to OutputFormatterInterface::format()

…rvicePass` (lyrixx) This PR was merged into the 5.4 branch. Discussion ---------- [DependencyInjection] Remove unused code in `DecoratorServicePass` | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | no | Deprecations? | no | Tickets | | License | MIT | Doc PR | this is also present on 4.4, but I'm not sure about the target branch according to the new merge policy Commits ------- a4f3dcc [DependencyInjection] Remove dead code in DecoratorServicePass

…Commands (acran) This PR was merged into the 5.4 branch. Discussion ---------- [FrameworkBundle] remove dead conditions in Translation Commands | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - This is just a trivial removal of unused code I stumbled upon while debugging #42361. In the [original code](https://github.com/symfony/symfony/blob/e617a9b/src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php#L165-L170): ~~~php $transPaths = [$path.'/translations']; $codePaths = [$path.'/templates']; if (!is_dir($transPaths[0]) && !isset($transPaths[1])) { throw new InvalidArgumentException(sprintf('"%s" is neither an enabled bundle nor a directory.', $transPaths[0])); } ~~~ The second part of the condition `isset($transPaths[1])` will **always** evaluate to true, since `$targetPath` is just set 3 lines above but only has a single element. This check was originally to support legacy paths which was removed in b6eb1f4: * in [`TranslationDebugCommand.php`](b6eb1f4#diff-67afa5b8860d0df4e44f1e1fc89f444b7ac77de515b698a6824dd5403a0acdbcL187-L194) * in [`TranslationUpdateCommand.php `](b6eb1f4#diff-a01c7858e84f1868a427634740511da7c8c73e56772baa78bdcd98200d7125c0L180-L187) Rebased from 5.3 to 5.4, see #42362 /cc `@fabpot` Commits ------- 22db5ad [FrameworkBundle] remove dead conditions in Translation Commands

This PR was merged into the 5.4 branch. Discussion ---------- [HttpFoundation] Mark Request::get() internal | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | no | Deprecations? | yes | Tickets | Fix #40984 | License | MIT | Doc PR | symfony/symfony-docs#...  we should not forget about this :) Commits ------- e84efc4 [HttpFoundation] Mark Request::get() internal

…ent` (ismail1432) This PR was squashed before being merged into the 5.4 branch. Discussion ---------- [Notifier] add `SentMessageEvent` and `FailedMessageEvent` | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | no | New feature? | yes | License | MIT | Doc PR | Dispatch a new event `SentMessageEvent` **which is dispatched once the notification is sent**. The `Symfony\Component\Notifier\Transport\AbstractTransport` return an instance of `SentMessage` that contains the original message + an id that [can be returned by the API](https://github.com/symfony/linked-in-notifier/blob/5.x/LinkedInTransport.php#L96) it can be helpful to pass this object to the event. Dispatch a new event `FailedMessageEvent` **which is dispatched if sending the notification fails** it can be helpful for a retry strategy Commits ------- 025256d [Notifier] add `SentMessageEvent` and `FailedMessageEvent`

…stevemarvell) This PR was merged into the 5.4 branch. Discussion ---------- [ErrorHandler] Add missing to semi-colon to exception.js Without this, the js is reported as in error using at least Firefox on Linux, which ultimately prevents the debug bar appearing. | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | | License | MIT | Doc PR | Commits ------- ca988fb Add missing to semi-colon to exception.js

Without this, the js is reported as in error using at least Firefox on Linux, which ultimately prevents the debug bar appearing.

Since $targetPath is directly set just 3 lines above !isset($targetPath[1]) will *always* evaluate to true. This check was originally to support legacy paths which was removed in b6eb1f4

This PR was merged into the 4.4 branch. Discussion ---------- [HttpFoundation] Fix broken mock | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | N/A | License | MIT | Doc PR | N/A Backport from #42378. This PR fixes a couple of mocked methods that currently return `null` although a real implementation would never do that. Commits ------- af37c64 Fix broken mock

Signed-off-by: Alexander M. Turek <me@derrabus.de>

This PR was merged into the 5.3 branch. Discussion ---------- Fix return types for PHP 8.1 | Q | A | ------------- | --- | Branch? | 5.3 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | #41552 | License | MIT | Doc PR | N/A Follow-up of #42260. Commits ------- ab3c43f Fix return types for PHP 8.1

Signed-off-by: Alexander M. Turek <me@derrabus.de>

* 4.4: Fix test

Signed-off-by: Alexander M. Turek <me@derrabus.de>

* 5.3: Add test for non-callable arrays as controllers

symfony / symfony

Commits on Aug 8, 2021

Commits on Aug 7, 2021

Commits on Aug 6, 2021

Commits on Aug 5, 2021

Commits on Aug 4, 2021

symfony / symfony

Sponsor symfony/symfony

Commits on Aug 8, 2021

Commits on Aug 7, 2021

Commits on Aug 6, 2021

Commits on Aug 5, 2021

Commits on Aug 4, 2021