New! Checkout our new GitHub homepage! Follow the latest activity of eZ Publish Developers on GitHub.com


@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/ezplatform
  • @andrerom 7f4bad2
    Redirect /ez route to /admin to help people upgrading (#269)
Mar 5, 2018
03/05/2018 12:15 pm   eZPublishLegacy @ GitHub   Mirror   Link   @6
@ezecosystem
ezecosystem pushed to master in ezecosystem/Sylius
Mar 5, 2018
03/05/2018 12:10 pm   eZecosystem @ GitHub   Mirror   Link   @6
@ezecosystem
ezecosystem pushed to master in ezecosystem/ezpublish-kernel
Mar 5, 2018
03/05/2018 12:02 pm   eZecosystem @ GitHub   Mirror   Link   @12
@ezecosystem
ezecosystem pushed to master in ezecosystem/ezplatform-legacy
Mar 5, 2018
03/05/2018 12:00 pm   eZecosystem @ GitHub   Mirror   Link   @4
@ezecosystem
ezecosystem pushed to master in ezecosystem/ezplatform
  • @andrerom 7f4bad2
    Redirect /ez route to /admin to help people upgrading (#269)
Mar 5, 2018
03/05/2018 12:00 pm   eZecosystem @ GitHub   Mirror   Link   @4

Compressing served files is a very usual trick to increase the loading performance of a website. The principle, defined in HTTP 1.1, is quite simple: when requesting a file, the browser announces the encoding it accepts in the Accept-Encoding header (for instance gzip) and thanks to it, the server knows how it can serve the file.

Typically, this is done on the fly by the web server with a dedicated module, for instance in Apache, mod_deflate does that pretty well (I've been using it for years (fr)) and nowadays this requires almost no configuration besides being activated unless you want to support the venerable most-hated browser of all time aka Internet Explorer 6 :)

Alternatively, it's possible to pre-generate compressed files along with the normal ones to serve the best one supported by the browser visiting your website. This has the advantage of requiring almost no resource on the web server while allowing you to use the highest compression level available even this takes a bit of time. And depending on the static site generator this is maybe super simple to setup.

So in this post, I'm gonna try to compress each page with Gzip and Brotli and to configure Apache to serve the best possible version.

Brotli ?

According to Wikipedia:

Brotli is a data format specification for data streams compressed with a specific combination of the general-purpose LZ77 lossless compression algorithm, Huffman coding and 2nd order context modelling. [...]

Brotli was first released in 2015 for off-line compression of web fonts. The version of Brotli released in September 2015 by the Google software engineers contained enhancements in generic lossless data compression, with particular emphasis on use for HTTP compression.

Brotli logo

If I believe caniuse.com, Brotli is now supported by most browsers. As usual, only Internet Explorer (11 and below) and Safari (before High Sierra) are a bit behind so for those and for probably tons of bots out there, Gzip compressed files or uncompressed files are still useful.

Brotli files are said to offer a higher compression rate than Gzip while remaining fast to decode. On the other hand, Brotli is also known to be slower to compress especially if you are using the highest compression level. Let's have a look at that.

Compressing files

Since I'm using Metalsmith to generate this web site, I can use metalsmith-gzip and metalsmith-brotli to compress generated documents. Both plugins are very similar and are configured to compress files matching the regular expression /\.[html|css|js|json|xml|svg|txt]/. I just had to configure metalsmith-gzip to compress at level 9 instead of 6 by default.

If you use Metalsmith, that's pretty much it! Of course, it's possible to do the same with a "simple" shell oneliner, something like:

find path/to/files -type f -a \( -name '*.html' -o -name '*.css' -o -name '*.js' \
-o -name '*.json' -o -name '*.xml' -o -name '*.svg' -o -name '*.txt' \) \
-exec brotli --best {} \+ -exec gzip --best -k {} \+

Apache configuration

This part is a bit tricky, at least it took me some time to figure it out, especially the part about preventing the double compression when you still need mod_deflate for other websites.

First, you need to make sure that mod_mime, mod_headers and mod_rewrite are enabled in Apache. Under Debian, if you are unsure just run as root:

# a2enmod mime
# a2enmod headers
# a2enmod rewrite

Then, the VirtualHost for your website requires a bit of configuration. Here is the relevant configuration excerpt for serving my pre-compressed website:

# Otherwise Content-Language: br is added
# Only needed if mod_mime configures that language
# in /etc/apache2/mods-enabled/mime.conf
RemoveLanguage .br

# Encoding for Brotli files
AddEncoding br .br

# Set gzip encoding instead of setting as a Content Type
RemoveType .gz
AddEncoding x-gzip .gz

# Mapping foo.suffix.gz or foo.suffix.br => Type
# see following repositories for recognized suffixes
# https://github.com/michel-kraemer/metalsmith-brotli
# https://github.com/ludovicofischer/metalsmith-gzip
AddType "text/html" .html.br .htm.br .html.gz .htm.gz
AddType "text/css" .css.br css.gz
AddType "text/plain" .txt.br txt.gz
AddType "text/xml" .xml.br .xml.gz
AddType "application/javascript" .js.br .js.gz
AddType "application/json" .json.br .json.gz
AddType "image/svg+xml" .svg.br .svg.gz
# Depending on what you compress, some more might be needed

# Proxy configuration
Header append Vary Accept-Encoding

RewriteEngine On

RewriteCond %{HTTP:Accept-Encoding} br
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME}.br -s
RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/%{REQUEST_FILENAME}.br [E=no-gzip,L]

RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME}.gz -s
RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/%{REQUEST_FILENAME}.gz [E=no-gzip,L]

So to explain it shortly:

  • this changes the configuration so that .br and .gz files have the same type for Apache as the ones without those suffixes. This has to be in sync with what is done by the static site generator or your shell script.
  • if a browser accepts Brotli compressed files and the requested file exists with a .br suffix, serve this file.
  • if a browser accepts Gzip compressed files and the requested file exists with a .gz suffix, serve this file.
  • in both cases, if the file with the suffix is served, the no-gzip environment variable is set so that mod_deflate does not try to compress again the file.

And that's it for serving pre-compressed files! You can see in the network panel that files are now served with Content-Encoding: br and maybe loading feels a bit snappier.

Screenshot of Firefox dev
    tools showing the HTTP headers

Some stats

This little experiment is a good opportunity to look at some numbers about Gzip vs. Brotli vs. no compression.

Time to compress files

At their maximum compression level, Brotli is way slower than Gzip. At the time of writing, 1452 files are matching the regular expression mentioned above. On my Macbook pro, metalsmith-gzip takes less than 400 milliseconds to compress those while for Brotli, this takes almost 6 seconds! Using the shell version, I find out that it takes almost 24 seconds to compress those files with Brotli and a bit more than 1 second for Gzip.

Even if in this setup, this does not matter much, it's interesting to note that the difference is somehow of an order of magnitude.

Resulting sizes

After all, that's the point of compressing, so let's have a look at the resulting size of some files (unless mentioned, sizes are in bytes).

File(s) Size Gzip Brotli Gzip - Brotli
Homepage 8293 239929% 199124% -408
RSS feed 57368 1963634% 1699830% -2638
Main stylesheet 10943 303428% 259124% -443
robots.txt 24 44183% 28117% -16
Posts index 6772 189228% 158723% -305
Latest post in English 13814 443732% 368127% -756
Total 11.65Mb 4Mb34% 3.4Mb29% -579Kb

Almost no surprise here, Brotli compressed files are about 5% (of the initial size) smaller than the Gzipped one. Given that most of my pages are quite small already, that's not a lot in absolute value but still an interesting gain. Only exceptions to that are very small files like my robots.txt where compressed ones are bigger than the original. So for the sake of completeness, I should not compress those but we are talking of 4 or 20 bytes depending on the algorithm :)

03/05/2018 02:10 am   pwet.fr/blog   Mirror   Link  

This week, Symfony 2.7.42, 2.8.35, 3.4.5 and 4.0.5 maintenance versions were published. In addition, Symfony improved the accessibility of the Bootstrap 4 form theme to comply with the WCAG standard: it fixed some HTML issues, added new attributes and improved how form errors are displayed. Finally, it was proposed a way to simplify the User and UserChecker.

Symfony development highlights

2.7 changelog:

  • 4f14fff: [Routing] don't throw 405 when scheme requirement doesn't match
  • 4063958: [Debug] keep previous errors of Error instances
  • 0c5f839, 79e8545: [WebProfilerBundle] fixed a bug in the JavaScript code of the debug toolbar

3.4 changelog:

  • 52af59f: [FrameworkBundle] set controller without __invoke method from invokable class
  • 1192918: [Routing] fixed GC control of PHP-DSL
  • 4261b19: [FrameworkBundle, Console] added a warning when command is not found
  • b953e85: [Form] fixed HTML errors related to WCAG
  • 4a9e5c7: [WebProfilerBundle] limit ajax request list to the last 100 requests
  • 18beaee: [Form] add hidden labels on date and time fields to comply with WCAG
  • bacae4d: [Form] added role="presentation" on tables & removed bootstrap4 table to comply with WCAG
  • c572e6c: [Form] added error signs for people that do not see colors to comply with WCAG
  • 6628318: [FrameworkBundle] silence "Failed to remove directory" on cache:clear
  • 6ac7b50: [DependencyInjection] fixed missing "id" normalization when dumping the container

Master changelog:

  • a1b2414: [Routing] added support scheme requirement without redirectable dumped matcher
  • 4c98001: [SecurityBundle] deprecated switch_user.stateless config node
  • b2df671: [FrameworkBundle] autoconfigure service locator tag
  • 1f7b9f0: [FrameworkBundle] added a command to delete an item from a cache pool

Newest issues and pull requests

They talked about us


Be trained by Symfony experts - 2018-03-12 Cologne - 2018-03-19 Clichy - 2018-03-19 Clichy
03/04/2018 03:15 am   Symfony Blog   Mirror   Link   @8
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/LegacyBridge
  • @julienlegrand07 37ab210
    remove the warning of obsolete use without a single quotation mark (#…
Mar 3, 2018
03/03/2018 12:21 pm   eZPublishLegacy @ GitHub   Mirror   Link  
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/xrowworkflow
Mar 2, 2018
03/02/2018 01:21 pm   eZPublishLegacy @ GitHub   Mirror   Link   @6
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/ezpublish-api
Mar 2, 2018
03/02/2018 12:37 pm   eZPublishLegacy @ GitHub   Mirror   Link   @6
@ezecosystem
ezecosystem pushed to master in ezecosystem/Sylius
Mar 2, 2018
03/02/2018 12:29 pm   eZecosystem @ GitHub   Mirror   Link   @4
@ezecosystem
ezecosystem pushed to master in ezecosystem/ezpublish-kernel
Mar 2, 2018
03/02/2018 12:21 pm   eZecosystem @ GitHub   Mirror   Link   @4
@ezecosystem
ezecosystem pushed to master in ezecosystem/ezpublish-api
Mar 2, 2018
03/02/2018 12:17 pm   eZecosystem @ GitHub   Mirror   Link   @4

News

Announcing the NEW eZ Conference 2018

As many of you already know, eZ Conference will be in Cologne this year, June 5-6. But what you probably don’t know yet is that our annual event will come with a few changes to its layout this year. Read the announcement for the full details.

Submit Your Nomination for eZ Awards 2018

Nominations are now open for the eZ Awards. We invite everyone to submit their nominations for who in the eZ community best performed at each of the eight categories in the past year. Find out which categories we have this year and submit your nominations here.

Nominate Yourself for the eZ Community Board

The current Community Board has been in place since March 2017. With a term of one year, it is now time to renew the Board. Being part of the eZ Community Board is a special opportunity to help guide the development of the eZ Community. Are you interested in joining? Check the full details and leave your comment.

Security Advisories

Two security advisories have been published this week:

In Other News:

Resources

Publish Your Blog on ezplatform.com

Sharing your knowledge through blogging, in the form of technical how-to’s or case studies, is an excellent way for our community to learn more from each other about eZ Platform. You can increase your reading audience by having your article reposted on ezplatform.com. Contact us at community@ez.no, and we will review your article, and publish an excerpt linking back to your original post.

Looking for a bundle compatible with eZ Platform? Check out: https://ezplatform.com/Bundles.

Social Media

Follow us on Twitter, Facebook, LinkedIn, Google+, or YouTube, and join our Community for any help with eZ Platform or community-related questions.

Find eZ at These Events

For more events, make sure to check out this list.

Each week we publish a roundup of highlights from the eZ ecosystem. If you have any news or events to share, please contact me.

(Lead image credit: Victoria Pickering, CC)

03/02/2018 11:42 am   ez.no/About-eZ/Blog   Mirror   Link   @8

News

Announcing the NEW eZ Conference 2018

As many of you already know, eZ Conference will be in Cologne this year, June 5-6. But what you probably don’t know yet is that our annual event will come with a few changes to its layout this year. Read the announcement for the full details.

Submit Your Nomination for eZ Awards 2018

Nominations are now open for the eZ Awards. We invite everyone to submit their nominations for who in the eZ community best performed at each of the eight categories in the past year. Find out which categories we have this year and submit your nominations here.

Nominate Yourself for the eZ Community Board

The current Community Board has been in place since March 2017. With a term of one year, it is now time to renew the Board. Being part of the eZ Community Board is a special opportunity to help guide the development of the eZ Community. Are you interested in joining? Check the full details and leave your comment.

Security Advisories

Two security advisories have been published this week:

In Other News:

Resources

Publish Your Blog on ezplatform.com

Sharing your knowledge through blogging, in the form of technical how-to’s or case studies, is an excellent way for our community to learn more from each other about eZ Platform. You can increase your reading audience by having your article reposted on ezplatform.com. Contact us at community@ez.no, and we will review your article, and publish an excerpt linking back to your original post.

Looking for a bundle compatible with eZ Platform? Check out: https://ezplatform.com/Bundles.

Social Media

Follow us on Twitter, Facebook, LinkedIn, Google+, or YouTube, and join our Community for any help with eZ Platform or community-related questions.

Find eZ at These Events

For more events, make sure to check out this list.

Each week we publish a roundup of highlights from the eZ ecosystem. If you have any news or events to share, please contact me.

(Lead image credit: Victoria Pickering, CC)

03/02/2018 11:42 am   eZ Systems News   Mirror   Link   @10

We recently used OneAll to develop a feature that allows user generated content to be created, submitted for review, published, and then automatically posted to the creator's social media channels without additional effort on their part. Here's how we accomplished this.

03/02/2018 09:52 am   share.ez.no/blogs   Mirror   Link   @8

Contributed by
Iltar van der Berg
in #23508.

Security is the trickiest part of any application, but the Symfony Security component helps you solving most of those problems. However, providing simple security tools to developers while maintaining first-class security which follows the latest best practices in the security field is a challenging problem.

One of our ongoing goals for security is to simplify some of its features. That's why in Symfony 4.1 we have deprecated the AdvancedUserInterface. This interface provided extra methods to the base user class related to account status flags:

1
2
3
4
5
6
7
8
9
namespace Symfony\Component\Security\Core\User;

interface AdvancedUserInterface extends UserInterface
{
    public function isAccountNonExpired();
    public function isAccountNonLocked();
    public function isCredentialsNonExpired();
    public function isEnabled();
}

Given that these methods are mostly related to your application domain logic, we've decided to deprecate it in Symfony 4.1 and remove it in Symfony 5.0. No alternative is provided for this interface. If you need this kind of checks, create a user checker, which perform additional checks during the authentication of a user to verify if the identified user is allowed to log in.


Be trained by Symfony experts - 2018-03-12 Cologne - 2018-03-19 Clichy - 2018-03-19 Clichy
03/02/2018 06:19 am   Symfony Blog   Mirror   Link   @6

We recently used OneAll to develop a feature that allows user generated content to be created, submitted for review, published, and then automatically posted to the creator's social media channels without additional effort on their part. Here's how we accomplished this.

03/02/2018 12:44 am   Mugo Web Blog   Mirror   Link   @4

Symfony 4.0.5 has just been released. Here is a list of the most important changes:

  • bug #26327 [Form][WCAG] Errors sign for people that do not see colors (@Nyholm)
  • bug #26326 [Form][WCAG] Added role="presentation" on tables & removed bootstrap4 table (@Nyholm)
  • bug #26325 [Form][WCAG] Add hidden labels on date and time fields (@Nyholm)
  • bug #26338 [Debug] Keep previous errors of Error instances (@Philipp91)
  • bug #26328 [Form][WCAG] Fixed HTML errors (@Nyholm)
  • bug #26290 [FrameworkBundle] [Console][DX] add a warning when command is not found (@Simperfit)
  • bug #26318 [Routing] Fix GC control of PHP-DSL (@nicolas-grekas)
  • bug #26312 [Routing] Don't throw 405 when scheme requirement doesn't match (@nicolas-grekas)
  • bug #26275 Set controller without invoke method from invokable class (@Tobion)
  • bug #26298 Fix ArrayInput::toString() for InputArgument::IS_ARRAY args (@maximium)
  • bug #26177 Update excluded_ajax_paths for sf4 (@jenaye)
  • bug #26289 [Security] Add missing use of Role (@tony-tran)
  • bug #26286 [Security] Add missing use for RoleInterface (@tony-tran)
  • bug #26265 [PropertyInfo] throw exception if docblock factory does not exist (@xabbuh)
  • bug #26247 [Translation] Process multiple segments within a single unit. (@timewasted)
  • bug #26254 fix custom radios/inputs for checkbox/radio type (@mssimi)
  • bug #26234 [FrameworkBundle] Add missing XML config for circular_reference_handler (@dunglas)
  • bug #26236 [PropertyInfo] ReflectionExtractor: give a chance to other extractors if no properties (@dunglas)
  • bug #26227 Add support for URL-like DSNs for the PdoSessionHandler (@stof)
  • bug #25557 [WebProfilerBundle] add a way to limit ajax request (@Simperfit)
  • bug #26088 [FrameworkBundle] Fix using annotation_reader in compiler pass to inject configured cache provider (@Laizerox)
  • bug #26157 [HttpKernel] Send new session cookie from AbstractTestSessionListener after session invalidation (@rpkamp)
  • bug #26230 [WebProfilerBundle] Fix anchor CSS (@ro0NL)
  • bug #26228 [HttpFoundation] Fix missing "throw" in JsonResponse (@nicolas-grekas)
  • bug #26211 [Console] Suppress warning from sapi_windows_vt100_support (@adawolfa)
  • bug #26176 Retro-fit proxy code to make it deterministic for older proxy manager implementations (@lstrojny)
  • bug #25787 Yaml parser regression with comments and non-strings (@alexpott)
  • bug #26156 Fixes #26136: Avoid emitting warning in hasParameterOption() (@greg-1-anderson)
  • bug #26183 [DI] Add null check for removeChild (@changmin.keum)
  • bug #26167 [TwigBridge] Apply some changes to support Bootstrap4-stable (@mpiot, @Nyholm)
  • bug #26173 [Security] fix accessing request values (@xabbuh)
  • bug #26089 [PhpUnitBridge] Added support for PHPUnit 7 in Coverage Listener (@lyrixx)
  • bug #26170 [PHPUnit bridge] Avoid running the remove command without any packages (@stof)
  • bug #26159 created validator.tl.xlf for Form/Translations (@ergiegonzaga)
  • bug #26100 [Routing] Throw 405 instead of 404 when redirect is not possible (@nicolas-grekas)
  • bug #26119 [TwigBundle][WebProfilerBundle] Fix JS collision (@ro0NL)
  • bug #26040 [Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder (@nicolas-grekas)
  • bug #26067 [YAML] Issue #26065: leading spaces in YAML multi-line string literals (@tamc)
  • bug #26012 Exit as late as possible (@greg0ire)
  • bug #26082 [Cache][WebProfiler] fix collecting cache stats with sub-requests + allow clearing calls (@dmaicher)
  • bug #26024 [PhpBridge] add PHPUnit 7 support to SymfonyTestsListener (@shieldo)
  • bug #26020 [Lock] Log already-locked errors as "notice" instead of "warning" (@Simperfit)
  • bug #26043 [Serialized] add context to serialize and deserialize (@andrey1s)
  • bug #26127 Deterministic time in cache items for reproducible builds (@lstrojny)
  • bug #26128 Make kernel build time optionally deterministic (@lstrojny)
  • bug #26117 isCsrfTokenValid() replace string by ?string (@GaylordP)
  • bug #26112 Env var maps to undefined constant. (@dsmink)
  • bug #26111 [Security] fix merge of 2.7 into 2.8 + add test case (@dmaicher)
  • bug #25893 [Console] Fix hasParameterOption / getParameterOption when used with multiple flags (@greg-1-anderson)
  • bug #25756 [TwigBundle] Register TwigBridge extensions first (@fancyweb)
  • bug #26051 [WebProfilerBundle] Fix sub request link (@ro0NL)
  • bug #25947 PhpDocExtractor::getTypes() throws fatal error when type omitted (@Jared Farrish)
  • bug #25940 [Form] keep the context when validating forms (@xabbuh)
  • bug #26057 [SecurityBundle] use libsodium to run Argon2i related tests (@xabbuh)
  • bug #25373 Use the PCRE_DOLLAR_ENDONLY modifier in route regexes (@mpdude)
  • bug #24435 [Form] Make sure errors are a part of the label on bootstrap 4 - this is a requirement for WCAG2 (@Nyholm)
  • bug #25762 [DependencyInjection] always call the parent class' constructor (@xabbuh)
  • bug #25976 [Config] Handle Service/EventSubscriberInterface in ReflectionClassResource (@nicolas-grekas)
  • bug #25989 [DI][Routing] Fix tracking of globbed resources (@nicolas-grekas, @sroze)
  • bug #26009 [SecurityBundle] Allow remember-me factory creation when multiple user providers are configured. (@iisisrael)
  • bug #26010 [CssSelector] For AND operator, the left operand should have parentheses, not only right operand (@Arnaud CHASSEUX)
  • bug #26000 Fixed issue #25985 (@KevinFrantz)
  • bug #25996 Don't show wanna-be-private services as public in debug:container (@chalasr)
  • bug #25914 [HttpKernel] collect extension information as late as possible (@xabbuh)
  • bug #25981 [DI] Fix tracking of source class changes for lazy-proxies (@nicolas-grekas)
  • bug #25971 [Debug] Fix bad registration of exception handler, leading to mem leak (@nicolas-grekas)
  • bug #25962 [Routing] Fix trailing slash redirection for non-safe verbs (@nicolas-grekas)
  • bug #25948 [Form] Fixed empty data on expanded ChoiceType and FileType (@HeahDude)
  • bug #25978 Deterministic proxy names (@lstrojny)
  • bug #25972 support sapi_windows_vt100_support for php 7.2+ (@jhdxr)
  • bug #25744 [TwigBridge] Allow label translation to be safe (@MatTheCat)
  • bug #25932 Don't stop PSR-4 service discovery if a parent class is missing (@derrabus)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.


Be trained by Symfony experts - 2018-03-12 Cologne - 2018-03-19 Clichy - 2018-03-19 Clichy
03/01/2018 02:16 pm   Symfony Blog   Mirror   Link   @6

Symfony 3.4.5 has just been released. Here is a list of the most important changes:

  • bug #26327 [Form][WCAG] Errors sign for people that do not see colors (@Nyholm)
  • bug #26326 [Form][WCAG] Added role="presentation" on tables & removed bootstrap4 table (@Nyholm)
  • bug #26325 [Form][WCAG] Add hidden labels on date and time fields (@Nyholm)
  • bug #26338 [Debug] Keep previous errors of Error instances (@Philipp91)
  • bug #26328 [Form][WCAG] Fixed HTML errors (@Nyholm)
  • bug #26290 [FrameworkBundle] [Console][DX] add a warning when command is not found (@Simperfit)
  • bug #26318 [Routing] Fix GC control of PHP-DSL (@nicolas-grekas)
  • bug #26312 [Routing] Don't throw 405 when scheme requirement doesn't match (@nicolas-grekas)
  • bug #26275 Set controller without invoke method from invokable class (@Tobion)
  • bug #26298 Fix ArrayInput::toString() for InputArgument::IS_ARRAY args (@maximium)
  • bug #26177 Update excluded_ajax_paths for sf4 (@jenaye)
  • bug #26286 [Security] Add missing use for RoleInterface (@tony-tran)
  • bug #26265 [PropertyInfo] throw exception if docblock factory does not exist (@xabbuh)
  • bug #26247 [Translation] Process multiple segments within a single unit. (@timewasted)
  • bug #26254 fix custom radios/inputs for checkbox/radio type (@mssimi)
  • bug #26234 [FrameworkBundle] Add missing XML config for circular_reference_handler (@dunglas)
  • bug #26236 [PropertyInfo] ReflectionExtractor: give a chance to other extractors if no properties (@dunglas)
  • bug #26227 Add support for URL-like DSNs for the PdoSessionHandler (@stof)
  • bug #25557 [WebProfilerBundle] add a way to limit ajax request (@Simperfit)
  • bug #26088 [FrameworkBundle] Fix using annotation_reader in compiler pass to inject configured cache provider (@Laizerox)
  • bug #26157 [HttpKernel] Send new session cookie from AbstractTestSessionListener after session invalidation (@rpkamp)
  • bug #26230 [WebProfilerBundle] Fix anchor CSS (@ro0NL)
  • bug #26228 [HttpFoundation] Fix missing "throw" in JsonResponse (@nicolas-grekas)
  • bug #26211 [Console] Suppress warning from sapi_windows_vt100_support (@adawolfa)
  • bug #26176 Retro-fit proxy code to make it deterministic for older proxy manager implementations (@lstrojny)
  • bug #25787 Yaml parser regression with comments and non-strings (@alexpott)
  • bug #26156 Fixes #26136: Avoid emitting warning in hasParameterOption() (@greg-1-anderson)
  • bug #26183 [DI] Add null check for removeChild (@changmin.keum)
  • bug #26167 [TwigBridge] Apply some changes to support Bootstrap4-stable (@mpiot, @Nyholm)
  • bug #26173 [Security] fix accessing request values (@xabbuh)
  • bug #26089 [PhpUnitBridge] Added support for PHPUnit 7 in Coverage Listener (@lyrixx)
  • bug #26170 [PHPUnit bridge] Avoid running the remove command without any packages (@stof)
  • bug #26159 created validator.tl.xlf for Form/Translations (@ergiegonzaga)
  • bug #26100 [Routing] Throw 405 instead of 404 when redirect is not possible (@nicolas-grekas)
  • bug #26119 [TwigBundle][WebProfilerBundle] Fix JS collision (@ro0NL)
  • bug #26040 [Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder (@nicolas-grekas)
  • bug #26067 [YAML] Issue #26065: leading spaces in YAML multi-line string literals (@tamc)
  • bug #26012 Exit as late as possible (@greg0ire)
  • bug #26082 [Cache][WebProfiler] fix collecting cache stats with sub-requests + allow clearing calls (@dmaicher)
  • bug #26024 [PhpBridge] add PHPUnit 7 support to SymfonyTestsListener (@shieldo)
  • bug #26020 [Lock] Log already-locked errors as "notice" instead of "warning" (@Simperfit)
  • bug #26043 [Serialized] add context to serialize and deserialize (@andrey1s)
  • bug #26127 Deterministic time in cache items for reproducible builds (@lstrojny)
  • bug #26128 Make kernel build time optionally deterministic (@lstrojny)
  • bug #26112 Env var maps to undefined constant. (@dsmink)
  • bug #26111 [Security] fix merge of 2.7 into 2.8 + add test case (@dmaicher)
  • bug #25893 [Console] Fix hasParameterOption / getParameterOption when used with multiple flags (@greg-1-anderson)
  • bug #25756 [TwigBundle] Register TwigBridge extensions first (@fancyweb)
  • bug #26051 [WebProfilerBundle] Fix sub request link (@ro0NL)
  • bug #25947 PhpDocExtractor::getTypes() throws fatal error when type omitted (@Jared Farrish)
  • bug #25940 [Form] keep the context when validating forms (@xabbuh)
  • bug #26057 [SecurityBundle] use libsodium to run Argon2i related tests (@xabbuh)
  • bug #25373 Use the PCRE_DOLLAR_ENDONLY modifier in route regexes (@mpdude)
  • bug #24435 [Form] Make sure errors are a part of the label on bootstrap 4 - this is a requirement for WCAG2 (@Nyholm)
  • bug #25762 [DependencyInjection] always call the parent class' constructor (@xabbuh)
  • bug #25976 [Config] Handle Service/EventSubscriberInterface in ReflectionClassResource (@nicolas-grekas)
  • bug #25989 [DI][Routing] Fix tracking of globbed resources (@nicolas-grekas, @sroze)
  • bug #26009 [SecurityBundle] Allow remember-me factory creation when multiple user providers are configured. (@iisisrael)
  • bug #26010 [CssSelector] For AND operator, the left operand should have parentheses, not only right operand (@Arnaud CHASSEUX)
  • bug #26000 Fixed issue #25985 (@KevinFrantz)
  • bug #25996 Don't show wanna-be-private services as public in debug:container (@chalasr)
  • bug #25914 [HttpKernel] collect extension information as late as possible (@xabbuh)
  • bug #25981 [DI] Fix tracking of source class changes for lazy-proxies (@nicolas-grekas)
  • bug #25971 [Debug] Fix bad registration of exception handler, leading to mem leak (@nicolas-grekas)
  • bug #25962 [Routing] Fix trailing slash redirection for non-safe verbs (@nicolas-grekas)
  • bug #25948 [Form] Fixed empty data on expanded ChoiceType and FileType (@HeahDude)
  • bug #25978 Deterministic proxy names (@lstrojny)
  • bug #25972 support sapi_windows_vt100_support for php 7.2+ (@jhdxr)
  • bug #25744 [TwigBridge] Allow label translation to be safe (@MatTheCat)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.


Be trained by Symfony experts - 2018-03-12 Cologne - 2018-03-19 Clichy - 2018-03-19 Clichy
03/01/2018 01:47 pm   Symfony Blog   Mirror   Link   @6

Symfony 2.8.35 has just been released. Here is a list of the most important changes:

  • bug #26338 [Debug] Keep previous errors of Error instances (@Philipp91)
  • bug #26312 [Routing] Don't throw 405 when scheme requirement doesn't match (@nicolas-grekas)
  • bug #26298 Fix ArrayInput::toString() for InputArgument::IS_ARRAY args (@maximium)
  • bug #26236 [PropertyInfo] ReflectionExtractor: give a chance to other extractors if no properties (@dunglas)
  • bug #25557 [WebProfilerBundle] add a way to limit ajax request (@Simperfit)
  • bug #26228 [HttpFoundation] Fix missing "throw" in JsonResponse (@nicolas-grekas)
  • bug #26211 [Console] Suppress warning from sapi_windows_vt100_support (@adawolfa)
  • bug #26156 Fixes #26136: Avoid emitting warning in hasParameterOption() (@greg-1-anderson)
  • bug #26183 [DI] Add null check for removeChild (@changmin.keum)
  • bug #26173 [Security] fix accessing request values (@xabbuh)
  • bug #26159 created validator.tl.xlf for Form/Translations (@ergiegonzaga)
  • bug #26100 [Routing] Throw 405 instead of 404 when redirect is not possible (@nicolas-grekas)
  • bug #26040 [Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder (@nicolas-grekas)
  • bug #26012 Exit as late as possible (@greg0ire)
  • bug #26111 [Security] fix merge of 2.7 into 2.8 + add test case (@dmaicher)
  • bug #25893 [Console] Fix hasParameterOption / getParameterOption when used with multiple flags (@greg-1-anderson)
  • bug #25940 [Form] keep the context when validating forms (@xabbuh)
  • bug #25373 Use the PCRE_DOLLAR_ENDONLY modifier in route regexes (@mpdude)
  • bug #26010 [CssSelector] For AND operator, the left operand should have parentheses, not only right operand (@Arnaud CHASSEUX)
  • bug #25971 [Debug] Fix bad registration of exception handler, leading to mem leak (@nicolas-grekas)
  • bug #25962 [Routing] Fix trailing slash redirection for non-safe verbs (@nicolas-grekas)
  • bug #25948 [Form] Fixed empty data on expanded ChoiceType and FileType (@HeahDude)
  • bug #25972 support sapi_windows_vt100_support for php 7.2+ (@jhdxr)
  • bug #25744 [TwigBridge] Allow label translation to be safe (@MatTheCat)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.


Be trained by Symfony experts - 2018-03-12 Cologne - 2018-03-19 Clichy - 2018-03-19 Clichy
03/01/2018 01:17 pm   Symfony Blog   Mirror   Link   @6

Symfony 2.7.42 has just been released. Here is a list of the most important changes:

  • bug #26338 [Debug] Keep previous errors of Error instances (@Philipp91)
  • bug #26312 [Routing] Don't throw 405 when scheme requirement doesn't match (@nicolas-grekas)
  • bug #26298 Fix ArrayInput::toString() for InputArgument::IS_ARRAY args (@maximium)
  • bug #25557 [WebProfilerBundle] add a way to limit ajax request (@Simperfit)
  • bug #26228 [HttpFoundation] Fix missing "throw" in JsonResponse (@nicolas-grekas)
  • bug #26211 [Console] Suppress warning from sapi_windows_vt100_support (@adawolfa)
  • bug #26156 Fixes #26136: Avoid emitting warning in hasParameterOption() (@greg-1-anderson)
  • bug #26183 [DI] Add null check for removeChild (@changmin.keum)
  • bug #26159 created validator.tl.xlf for Form/Translations (@ergiegonzaga)
  • bug #26100 [Routing] Throw 405 instead of 404 when redirect is not possible (@nicolas-grekas)
  • bug #26040 [Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder (@nicolas-grekas)
  • bug #26012 Exit as late as possible (@greg0ire)
  • bug #25893 [Console] Fix hasParameterOption / getParameterOption when used with multiple flags (@greg-1-anderson)
  • bug #25940 [Form] keep the context when validating forms (@xabbuh)
  • bug #25373 Use the PCRE_DOLLAR_ENDONLY modifier in route regexes (@mpdude)
  • bug #26010 [CssSelector] For AND operator, the left operand should have parentheses, not only right operand (@Arnaud CHASSEUX)
  • bug #25971 [Debug] Fix bad registration of exception handler, leading to mem leak (@nicolas-grekas)
  • bug #25962 [Routing] Fix trailing slash redirection for non-safe verbs (@nicolas-grekas)
  • bug #25948 [Form] Fixed empty data on expanded ChoiceType and FileType (@HeahDude)
  • bug #25972 support sapi_windows_vt100_support for php 7.2+ (@jhdxr)
  • bug #25744 [TwigBridge] Allow label translation to be safe (@MatTheCat)

Want to upgrade to this new release? Fortunately, because Symfony protects backwards-compatibility very closely, this should be quite easy. Read our upgrade documentation to learn more.

Want to be notified whenever a new Symfony release is published? Or when a version is not maintained anymore? Or only when a security issue is fixed? Consider subscribing to the Symfony Roadmap Notifications.


Be trained by Symfony experts - 2018-03-12 Cologne - 2018-03-19 Clichy - 2018-03-19 Clichy
03/01/2018 08:33 am   Symfony Blog   Mirror   Link   @8
  • 5 Questions Every Unit Test Must Answer (en) : Une synthèse intéressante tant il est facile se perdre pendant l'écriture de tests unitaires.
  • Mutation testing with infection in big PHP projects (en) : où finalement on peut se mettre à tester les tests :-) Blague à part, il est surtout intéressant de comprendre qu'un code couvert 100% par des tests ne veut pas dire que le code est bien testé. Et dans ce cadre, ce type d'outil permet d'approcher la couverture réelle du code par les tests.
  • Using Vim to View Git Commits (en) : Vim (ou neovim) est non seulement capable d'afficher les logs git mais est aussi capable de permettre la navigation dans les commits!
  • WIP de 1, une histoire de WIP limits qui finit bien (fr) : Retour d'expérience intéressant sur la définition du paramètre WIP (Limitation du Work In Progress/Process) en Kanban.
  • Lasagna code - too many layers? (en) : Matthias Noback est comme d'habitude très pertinent avec plusieurs bons conseils dans ce billets.
  • Third party CSS is not safe (en) : Au delà du Keylogger en CSS qui a agité le petit monde du développement web dernièrement, l'inclusion d'une feuille de style externe expose à d'autres problèmes de sécurité.
  • The inception of ESLint (en) : la genèse du maintenant fameux projet ESLint
  • Genuine guide to testing React & Redux applications (en) : Un article plein de bon sens sur une stratégie de test possible d'une application React/Redux. Pour résumer, tests unitaires et tests d'intégration peuvent être complémentaires. Le paragraphe sur les snapshot tests me paraît également très pertinent.

Et un peu totalement hors-sujet :

  • Une chanson, l'addition (fr) : Une chaîne Youtube vraiment sympa qui présente chaque semaine en moins de 3 minutes l'histoire d'une chanson.

(En plus du flux RSS global, les billets veille et uniquement ceux là sont listés dans le flux RSS veille)

03/01/2018 06:57 am   pwet.fr/blog   Mirror   Link   @6

Contributed by
Nicolas Grekas
in #26283.

Historically, URLs have followed the UNIX convention of adding trailing slashes for directories and removing them to refer to files:

  • https://example.com/foo/ is usually considered a directory called foo
  • https://example.com/foo is usually considered a file called foo without any file extension.

Although serving different content for /foo and /foo/ is OK for Google, nowadays it's common to treat both URLs as the same URL and redirect between them.

Since day one Symfony has helped you in one of the two sides of this problem. If you define a route with a path ending with a slash, both URLs work and the one without slash redirects to the other one:

1
2
3
4
# config/routes.yaml
foo_route:
    path: '/foo/'
    controller: App\Controller\DefaultController::foo

In this example, a GET /foo/ request returns a 200 response and a GET /foo request returns a 301 (Moved Permanently) redirect to /foo/. In Symfony 4.1 we improved the router to make smarter redirections in the other way too. Consider this route definition:

1
2
3
4
# config/routes.yaml
foo_route:
    path: '/foo'
    controller: App\Controller\DefaultController::foo

Previously to Symfony 4.1, a GET /foo/ request resulted in a 404 response. In Symfony 4.1, it results in a 301 redirect to /foo, making the trailing slash smart logic finally work both ways.


Be trained by Symfony experts - 2018-03-12 Cologne - 2018-03-19 Clichy - 2018-03-19 Clichy
03/01/2018 03:54 am   Symfony Blog   Mirror   Link   @8

Imagine thousands of Canadian kids’ books, located in one place. They’re here, complete with a database you can search by genre, age range, grade level, and theme. Add to that hundreds of classroom resources for teachers, librarians, and educators to explore by type, subject, and grade level and you've got the perfect match.

02/28/2018 10:00 pm   Mugo Web Blog   Mirror   Link   @13
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/xrowvideo
  • @dennisxrow 8e93415
    Don't rely on MJPEG codec to determine if file is audio or not
Feb 28, 2018
02/28/2018 12:59 pm   eZPublishLegacy @ GitHub   Mirror   Link   @6
@ezpublishlegacy
ezpublishlegacy pushed to master in ezpublishlegacy/TagsBundle
Feb 28, 2018
02/28/2018 12:52 pm   eZPublishLegacy @ GitHub   Mirror   Link   @6