symfony
diff --git a/‎UPGRADE-4.2.md
Lines changed: 28 additions & 17 deletions b/‎UPGRADE-4.2.md
Lines changed: 28 additions & 17 deletions
diff --git a/‎UPGRADE-5.0.md
Lines changed: 9 additions & 0 deletions b/‎UPGRADE-5.0.md
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/Symfony/Bridge/Monolog/CHANGELOG.md
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bridge/Monolog/CHANGELOG.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
Lines changed: 11 additions & 1 deletion b/‎src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
Lines changed: 11 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/CachePoolPass.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/CachePoolPass.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
Lines changed: 3 additions & 0 deletions b/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Test/WebTestCase.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/FrameworkBundle/Test/WebTestCase.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
Lines changed: 4 additions & 2 deletions b/‎src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
Lines changed: 4 additions & 2 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
Lines changed: 6 additions & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
Lines changed: 6 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 29 additions & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
Lines changed: 29 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeLogout/config.yml
Lines changed: 5 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/RememberMeLogout/config.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/composer.json
Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/composer.json
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/TwigBundle/TemplateIterator.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/TwigBundle/TemplateIterator.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/TwigBundle/Tests/Fixtures/templates/Resources/BarBundle/views/base.html.twig b/‎src/Symfony/Bundle/TwigBundle/Tests/Fixtures/templates/Resources/BarBundle/views/base.html.twig
diff --git a/‎src/Symfony/Bundle/TwigBundle/Tests/TemplateIteratorTest.php
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bundle/TwigBundle/Tests/TemplateIteratorTest.php
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Bundle/WebProfilerBundle/README.md
Lines changed: 6 additions & 0 deletions b/‎src/Symfony/Bundle/WebProfilerBundle/README.md
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/WebProfilerBundle/WebProfilerBundle.php
Lines changed: 6 additions & 2 deletions b/‎src/Symfony/Bundle/WebProfilerBundle/WebProfilerBundle.php
Lines changed: 6 additions & 2 deletions
diff --git a/‎src/Symfony/Component/BrowserKit/CHANGELOG.md
Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Component/BrowserKit/CHANGELOG.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Component/BrowserKit/Client.php
Lines changed: 11 additions & 3 deletions b/‎src/Symfony/Component/BrowserKit/Client.php
Lines changed: 11 additions & 3 deletions
@@ -55,6 +55,9 @@ Finder
 Form
 ----
 
+ * The `scale` option of the `IntegerType` is deprecated.
+ * The `$scale` argument of the `IntegerToLocalizedStringTransformer` is deprecated.
+
  * Deprecated calling `FormRenderer::searchAndRenderBlock` for fields which were already rendered.
    Instead of expecting such calls to return empty strings, check if the field has already been rendered.
 
@@ -72,24 +75,12 @@ Form
    {% endfor %}
    ```
 
-Process
--------
-
- * Deprecated the `Process::setCommandline()` and the `PhpProcess::setPhpBinary()` methods.
- * Deprecated passing commands as strings when creating a `Process` instance.
-
-   Before:
-   ```php
-   $process = new Process('ls -l');
-   ```
-
-   After:
-   ```php
-   $process = new Process(array('ls', '-l'));
+HttpFoundation
+--------------
 
-   // alternatively, when a shell wrapper is required
-   $process = Process::fromShellCommandline('ls -l');
-   ```
+ * The default value of the "$secure" and "$samesite" arguments of Cookie's constructor
+   will respectively change from "false" to "null" and from "null" to "lax" in Symfony
+   5.0, you should define their values explicitly or use "Cookie::create()" instead.
 
 FrameworkBundle
 ---------------
@@ -164,6 +155,25 @@ Monolog
 
  * The methods `DebugProcessor::getLogs()`, `DebugProcessor::countErrors()`, `Logger::getLogs()` and `Logger::countErrors()` will have a new `$request` argument in version 5.0, not defining it is deprecated.
 
+Process
+-------
+
+ * Deprecated the `Process::setCommandline()` and the `PhpProcess::setPhpBinary()` methods.
+ * Deprecated passing commands as strings when creating a `Process` instance.
+
+   Before:
+   ```php
+   $process = new Process('ls -l');
+   ```
+
+   After:
+   ```php
+   $process = new Process(array('ls', '-l'));
+
+   // alternatively, when a shell wrapper is required
+   $process = Process::fromShellCommandline('ls -l');
+   ```
+
 Security
 --------
 
@@ -206,3 +216,4 @@ Validator
  * The component is now decoupled from `symfony/translation` and uses `Symfony\Contracts\Translation\TranslatorInterface` instead
  * The `ValidatorBuilderInterface` has been deprecated and `ValidatorBuilder` made final
  * Deprecated validating instances of `\DateTimeInterface` in `DateTimeValidator`, `DateValidator` and `TimeValidator`. Use `Type` instead or remove the constraint if the underlying model is type hinted to `\DateTimeInterface` already.
+ * Using the `Bic` constraint without `symfony/intl` is deprecated
@@ -69,6 +69,12 @@ Finder
 
  * The `Finder::sortByName()` method has a new `$useNaturalSort` argument.
 
+Form
+----
+
+ * The `scale` option was removed from the `IntegerType`.
+ * The `$scale` argument of the `IntegerToLocalizedStringTransformer` was removed.
+
 FrameworkBundle
 ---------------
 
@@ -117,6 +123,8 @@ HttpFoundation
  * The `$size` argument of the `UploadedFile` constructor has been removed.
  * The `getClientSize()` method of the `UploadedFile` class has been removed.
  * The `getSession()` method of the `Request` class throws an exception when session is null.
+ * The default value of the "$secure" and "$samesite" arguments of Cookie's constructor
+   changed respectively from "false" to "null" and from "null" to "lax".
 
 Monolog
 -------
@@ -191,6 +199,7 @@ Validator
  * The component is now decoupled from `symfony/translation` and uses `Symfony\Contracts\Translation\TranslatorInterface` instead
  * The `ValidatorBuilderInterface` has been removed and `ValidatorBuilder` is now final
  * Removed support for validating instances of `\DateTimeInterface` in `DateTimeValidator`, `DateValidator` and `TimeValidator`. Use `Type` instead or remove the constraint if the underlying model is type hinted to `\DateTimeInterface` already.
+ * The `symfony/intl` component is now required for using the `Bic` constraint
 
 Workflow
 --------
 
@@ -7,7 +7,7 @@ CHANGELOG
  * added `ProcessorInterface`: an optional interface to allow autoconfiguration of Monolog processors
  * The methods `DebugProcessor::getLogs()`, `DebugProcessor::countErrors()`, `Logger::getLogs()`
    and `Logger::countErrors()` will have a new `$request` argument in version 5.0, not defining
-   it is deprecated since Symfony 4.2.
+   it is deprecated
 
 4.1.0
 -----
 
@@ -22,6 +22,7 @@
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Component\Console\Style\SymfonyStyle;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException;
 use Symfony\Component\DependencyInjection\Loader\XmlFileLoader;
 use Symfony\Component\DependencyInjection\ParameterBag\ParameterBag;
 
@@ -144,7 +145,16 @@ protected function execute(InputInterface $input, OutputInterface $output)
         $options['show_hidden'] = $input->getOption('show-hidden');
         $options['raw_text'] = $input->getOption('raw');
         $options['output'] = $io;
-        $helper->describe($io, $object, $options);
+
+        try {
+            $helper->describe($io, $object, $options);
+        } catch (ServiceNotFoundException $e) {
+            if ('' !== $e->getId() && '@' === $e->getId()[0]) {
+                throw new ServiceNotFoundException($e->getId(), $e->getSourceId(), null, array(substr($e->getId(), 1)));
+            }
+
+            throw $e;
+        }
 
         if (!$input->getArgument('name') && !$input->getOption('tag') && !$input->getOption('parameter') && $input->isInteractive()) {
             if ($input->getOption('tags')) {
 
@@ -133,7 +133,7 @@ public static function getServiceProvider(ContainerBuilder $container, $name)
     {
         $container->resolveEnvPlaceholders($name, null, $usedEnvs);
 
-        if ($usedEnvs || preg_match('#^[a-z]++://#', $name)) {
+        if ($usedEnvs || preg_match('#^[a-z]++:#', $name)) {
             $dsn = $name;
 
             if (!$container->hasDefinition($name = '.cache_connection.'.ContainerBuilder::hash($dsn))) {
 
@@ -199,6 +199,9 @@ public function load(array $configs, ContainerBuilder $container)
         if ($this->isConfigEnabled($container, $config['session'])) {
             $this->sessionConfigEnabled = true;
             $this->registerSessionConfiguration($config['session'], $container, $loader);
+            if (!empty($config['test'])) {
+                $container->getDefinition('test.session.listener')->setArgument(1, '%session.storage.options%');
+            }
         }
 
         if ($this->isConfigEnabled($container, $config['request'])) {
 
@@ -23,7 +23,7 @@ abstract class WebTestCase extends KernelTestCase
     /**
      * Creates a Client.
      *
-     * @param array $options An array of options to pass to the createKernel class
+     * @param array $options An array of options to pass to the createKernel method
      * @param array $server  An array of server parameters
      *
      * @return Client A Client instance
 
@@ -6,11 +6,13 @@ CHANGELOG
 
  * Using the `security.authentication.trust_resolver.anonymous_class` and 
    `security.authentication.trust_resolver.rememberme_class` parameters to define
-   the token classes is deprecated. To use
-   custom tokens extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
+   the token classes is deprecated. To use custom tokens extend the existing
+   `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`.
    or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
  * Added `Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\AddExpressionLanguageProvidersPass`
  * Added `json_login_ldap` authentication provider to use LDAP authentication with a REST API.
+ * Made remember-me cookies inherit their default config from `framework.session.cookie_*`
+   and added an "auto" mode to their "secure" config option to make them secure on HTTPS automatically.
 
 4.1.0
 -----
 
@@ -15,6 +15,7 @@
 use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Reference;
+use Symfony\Component\HttpFoundation\Cookie;
 
 class RememberMeFactory implements SecurityFactoryInterface
 {
@@ -140,7 +141,11 @@ public function addConfiguration(NodeDefinition $node)
         ;
 
         foreach ($this->options as $name => $value) {
-            if (\is_bool($value)) {
+            if ('secure' === $name) {
+                $builder->enumNode($name)->values(array(true, false, 'auto'))->defaultValue('auto' === $value ? null : $value);
+            } elseif ('samesite' === $name) {
+                $builder->enumNode($name)->values(array(null, Cookie::SAMESITE_LAX, Cookie::SAMESITE_STRICT))->defaultValue($value);
+            } elseif (\is_bool($value)) {
                 $builder->booleanNode($name)->defaultValue($value);
             } else {
                 $builder->scalarNode($name)->defaultValue($value);
 
@@ -11,6 +11,7 @@
 
 namespace Symfony\Bundle\SecurityBundle\DependencyInjection;
 
+use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RememberMeFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider\UserProviderFactoryInterface;
 use Symfony\Bundle\SecurityBundle\SecurityUserValueResolver;
@@ -22,6 +23,7 @@
 use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\Compiler\ServiceLocatorTagPass;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Extension\PrependExtensionInterface;
 use Symfony\Component\DependencyInjection\Loader\XmlFileLoader;
 use Symfony\Component\DependencyInjection\Parameter;
 use Symfony\Component\DependencyInjection\Reference;
@@ -37,7 +39,7 @@
  * @author Fabien Potencier <[email protected]>
  * @author Johannes M. Schmitt <[email protected]>
  */
-class SecurityExtension extends Extension
+class SecurityExtension extends Extension implements PrependExtensionInterface
 {
     private $requestMatchers = array();
     private $expressions = array();
@@ -54,6 +56,32 @@ public function __construct()
         }
     }
 
+    public function prepend(ContainerBuilder $container)
+    {
+        $rememberMeSecureDefault = false;
+        $rememberMeSameSiteDefault = null;
+
+        if (!isset($container->getExtensions()['framework'])) {
+            return;
+        }
+        foreach ($container->getExtensionConfig('framework') as $config) {
+            if (isset($config['session'])) {
+                $rememberMeSecureDefault = $config['session']['cookie_secure'] ?? $rememberMeSecureDefault;
+                $rememberMeSameSiteDefault = array_key_exists('cookie_samesite', $config['session']) ? $config['session']['cookie_samesite'] : $rememberMeSameSiteDefault;
+            }
+        }
+        foreach ($this->listenerPositions as $position) {
+            foreach ($this->factories[$position] as $factory) {
+                if ($factory instanceof RememberMeFactory) {
+                    \Closure::bind(function () use ($rememberMeSecureDefault, $rememberMeSameSiteDefault) {
+                        $this->options['secure'] = $rememberMeSecureDefault;
+                        $this->options['samesite'] = $rememberMeSameSiteDefault;
+                    }, $factory, $factory)();
+                }
+            }
+        }
+    }
+
     public function load(array $configs, ContainerBuilder $container)
     {
         if (!array_filter($configs)) {
 
@@ -26,6 +26,7 @@ public function testSessionLessRememberMeLogout()
         $cookieJar->expire(session_name());
 
         $this->assertNotNull($cookieJar->get('REMEMBERME'));
+        $this->assertSame('lax', $cookieJar->get('REMEMBERME')->getSameSite());
 
         $client->request('GET', '/logout');
 
 
@@ -1,6 +1,11 @@
 imports:
     - { resource: ./../config/framework.yml }
 
+framework:
+    session:
+        cookie_secure: auto
+        cookie_samesite: lax
+
 security:
     encoders:
         Symfony\Component\Security\Core\User\User: plaintext
 
@@ -28,7 +28,7 @@
     },
     "require-dev": {
         "symfony/asset": "~3.4|~4.0",
-        "symfony/browser-kit": "~3.4|~4.0",
+        "symfony/browser-kit": "~4.2",
         "symfony/console": "~3.4|~4.0",
         "symfony/css-selector": "~3.4|~4.0",
         "symfony/dom-crawler": "~3.4|~4.0",
@@ -48,6 +48,7 @@
         "twig/twig": "~1.34|~2.4"
     },
     "conflict": {
+        "symfony/browser-kit": "<4.2",
         "symfony/var-dumper": "<3.4",
         "symfony/event-dispatcher": "<3.4",
         "symfony/framework-bundle": "<4.2",
 
@@ -63,7 +63,7 @@ public function getIterator()
             $this->templates = array_merge(
                 $this->templates,
                 $this->findTemplatesInDirectory($bundle->getPath().'/Resources/views', $name),
-                $this->findTemplatesInDirectory($this->rootDir.'/'.$bundle->getName().'/views', $name),
+                $this->findTemplatesInDirectory($this->rootDir.'/Resources/'.$bundle->getName().'/views', $name),
                 $this->findTemplatesInDirectory($this->defaultPath.'/bundles/'.$bundle->getName(), $name)
             );
         }
 
@@ -31,6 +31,7 @@ public function testGetIterator()
         sort($sorted);
         $this->assertEquals(
             array(
+                '@Bar/base.html.twig',
                 '@Bar/index.html.twig',
                 '@Bar/layout.html.twig',
                 '@Foo/index.html.twig',
 
@@ -1,6 +1,12 @@
 WebProfilerBundle
 =================
 
+The Web profiler bundle is a **development tool** that gives detailed
+information about the execution of any request.
+
+**Never** enable it on production servers as it will lead to major security
+vulnerabilities in your project.
+
 Resources
 ---------
 
 
@@ -14,10 +14,14 @@
 use Symfony\Component\HttpKernel\Bundle\Bundle;
 
 /**
- * Bundle.
- *
  * @author Fabien Potencier <[email protected]>
  */
 class WebProfilerBundle extends Bundle
 {
+    public function boot()
+    {
+        if ('prod' === $this->container->getParameter('kernel.environment')) {
+            @trigger_error('Using WebProfilerBundle in production is not supported and puts your project at risk, disable it.', E_USER_WARNING);
+        }
+    }
 }
@@ -5,7 +5,8 @@ CHANGELOG
 -----
 
  * The method `Client::submit()` will have a new `$serverParameters` argument 
-   in version 5.0, not defining it is deprecated since version 4.2
+   in version 5.0, not defining it is deprecated
+ * Added ability to read the "samesite" attribute of cookies using `Cookie::getSameSite()`
 
 3.4.0
 -----
 
@@ -118,7 +118,7 @@ public function getMaxRedirects()
     public function insulate($insulated = true)
     {
         if ($insulated && !class_exists('Symfony\\Component\\Process\\Process')) {
-            throw new \RuntimeException('Unable to isolate requests as the Symfony Process Component is not installed.');
+            throw new \LogicException('Unable to isolate requests as the Symfony Process Component is not installed.');
         }
 
         $this->insulated = (bool) $insulated;
@@ -297,7 +297,11 @@ public function click(Link $link)
      */
     public function clickLink(string $linkText): Crawler
     {
-        return $this->click($this->getCrawler()->selectLink($linkText)->link());
+        if (null === $this->crawler) {
+            throw new BadMethodCallException(sprintf('The "request()" method must be called before "%s()".', __METHOD__));
+        }
+
+        return $this->click($this->crawler->selectLink($linkText)->link());
     }
 
     /**
@@ -332,7 +336,11 @@ public function submit(Form $form, array $values = array()/*, array $serverParam
      */
     public function submitForm(string $button, array $fieldValues = array(), string $method = 'POST', array $serverParameters = array()): Crawler
     {
-        $buttonNode = $this->getCrawler()->selectButton($button);
+        if (null === $this->crawler) {
+            throw new BadMethodCallException(sprintf('The "request()" method must be called before "%s()".', __METHOD__));
+        }
+
+        $buttonNode = $this->crawler->selectButton($button);
         $form = $buttonNode->form($fieldValues, $method);
 
         return $this->submit($form, array(), $serverParameters);
Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,7 @@ public static function getServiceProvider(ContainerBuilder $container, $name)`
`133`	`133`	`{`
`134`	`134`	`$container->resolveEnvPlaceholders($name, null, $usedEnvs);`
`135`	`135`
`136`		`- if ($usedEnvs \|\| preg_match('#^[a-z]++://#', $name)) {`
	`136`	`+ if ($usedEnvs \|\| preg_match('#^[a-z]++:#', $name)) {`
`137`	`137`	`$dsn = $name;`
`138`	`138`
`139`	`139`	`if (!$container->hasDefinition($name = '.cache_connection.'.ContainerBuilder::hash($dsn))) {`
Original file line number	Diff line number	Diff line change
`@@ -199,6 +199,9 @@ public function load(array $configs, ContainerBuilder $container)`
`199`	`199`	`if ($this->isConfigEnabled($container, $config['session'])) {`
`200`	`200`	`$this->sessionConfigEnabled = true;`
`201`	`201`	`$this->registerSessionConfiguration($config['session'], $container, $loader);`
	`202`	`+ if (!empty($config['test'])) {`
	`203`	`+ $container->getDefinition('test.session.listener')->setArgument(1, '%session.storage.options%');`
	`204`	`+ }`
`202`	`205`	`}`
`203`	`206`
`204`	`207`	`if ($this->isConfigEnabled($container, $config['request'])) {`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ abstract class WebTestCase extends KernelTestCase`
`23`	`23`	`/**`
`24`	`24`	`* Creates a Client.`
`25`	`25`	`*`
`26`		`- * @param array $options An array of options to pass to the createKernel class`
	`26`	`+ * @param array $options An array of options to pass to the createKernel method`
`27`	`27`	`* @param array $server An array of server parameters`
`28`	`28`	`*`
`29`	`29`	`* @return Client A Client instance`
Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ public function getIterator()`
`63`	`63`	`$this->templates = array_merge(`
`64`	`64`	`$this->templates,`
`65`	`65`	`$this->findTemplatesInDirectory($bundle->getPath().'/Resources/views', $name),`
`66`		`- $this->findTemplatesInDirectory($this->rootDir.'/'.$bundle->getName().'/views', $name),`
	`66`	`+ $this->findTemplatesInDirectory($this->rootDir.'/Resources/'.$bundle->getName().'/views', $name),`
`67`	`67`	`$this->findTemplatesInDirectory($this->defaultPath.'/bundles/'.$bundle->getName(), $name)`
`68`	`68`	`);`
`69`	`69`	`}`