8000 feature #58244 [HttpFoundation] Deprecate more options in `NativeSess… · symfony/symfony@3c9f994 · GitHub
[go: up one dir, main page]
Skip to content

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 3c9f994

Browse files
nicolas-grekasnicolas-grekas
committed
feature #58244 [HttpFoundation] Deprecate more options in NativeSessionStorage (alexandre-daubois)
This PR was merged into the 7.2 branch. Discussion ---------- [HttpFoundation] Deprecate more options in `NativeSessionStorage` | Q | A | ------------- | --- | Branch? | 7.2 | Bug fix? | no | New feature? | no | Deprecations? | yes | Issues | - | License | MIT Another round of deprecations for sessions. RFC for reference: https://wiki.php.net/rfc/deprecate-get-post-sessions#proposal Commits ------- 60c1aae [HttpFoundation] Deprecate passing `referer_check`, `use_only_cookies`, `use_trans_sid`, `trans_sid_hosts` and `trans_sid_tags` options to `NativeSessionStorage`
2 parents b7572a5 + 60c1aae commit 3c9f994

File tree

6 files changed

+43
-6
lines changed

6 files changed

+43
-6
lines changed

UPGRADE-7.2.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,11 @@ FrameworkBundle
2929

3030
* [BC BREAK] The `secrets:decrypt-to-local` command terminates with a non-zero exit code when a secret could not be read
3131

32+
HttpFoundation
33+
--------------
34+
35+
* Deprecate passing `referer_check`, `use_only_cookies`, `use_trans_sid`, `trans_sid_hosts` and `trans_sid_tags` options to `NativeSessionStorage`
36+
3237
Ldap
3338
----
3439

src/Symfony/Component/HttpFoundation/CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ CHANGELOG
77
* Add optional `$requests` parameter to `RequestStack::__construct()`
88
* Add optional `$v4Bytes` and `$v6Bytes` parameters to `IpUtils::anonymize()`
99
* Add `PRIVATE_SUBNETS` as a shortcut for private IP address ranges to `Request::setTrustedProxies()`
10+
* Deprecate passing `referer_check`, `use_only_cookies`, `use_trans_sid`, `trans_sid_hosts` and `trans_sid_tags` options to `NativeSessionStorage`
1011

1112
7.1
1213
---

src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -62,16 +62,16 @@ class NativeSessionStorage implements SessionStorageInterface
6262
* gc_probability, "1"
6363
* lazy_write, "1"
6464
* name, "PHPSESSID"
65-
* referer_check, ""
65+
* referer_check, "" (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
6666
* serialize_handler, "php"
6767
* use_strict_mode, "1"
6868
* use_cookies, "1"
69-
* use_only_cookies, "1"
70-
* use_trans_sid, "0"
69+
* use_only_cookies, "1" (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
70+
* use_trans_sid, "0" (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
7171
* sid_length, "32"
7272
* sid_bits_per_character, "5"
73-
* trans_sid_hosts, $_SERVER['HTTP_HOST']
74-
* trans_sid_tags, "a=href,area=href,frame=src,form="
73+
* trans_sid_hosts, $_SERVER['HTTP_HOST'] (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
74+
* trans_sid_tags, "a=href,area=href,frame=src,form=" (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
7575
*/
7676
public function __construct(array $options = [], AbstractProxy|\SessionHandlerInterface|null $handler = null, ?MetadataBag $metaBag = null)
7777
{
@@ -328,6 +328,10 @@ public function setOptions(array $options): void
328328
]);
329329

330330
foreach ($options as $key => $value) {
331+
if (\in_array($key, ['referer_check', 'use_only_cookies', 'use_trans_sid', 'trans_sid_hosts', 'trans_sid_tags'], true)) {
332+
trigger_deprecation('symfony/http-foundation', '7.2', 'NativeSessionStorage\'s "%s" option is deprecated and will be ignored in Symfony 8.0.', $key);
333+
}
334+
331335
if (isset($validOptions[$key])) {
332336
if ('cookie_secure' === $key && 'auto' === $value) {
333337
continue;

src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/common.inc

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,6 @@ ini_set('session.cookie_domain', '');
2828
ini_set('session.cookie_secure', '');
2929
ini_set('session.cookie_httponly', '');
3030
ini_set('session.use_cookies', 1);
31-
ini_set('session.use_only_cookies', 1);
3231
ini_set('session.cache_expire', 180);
3332
ini_set('session.cookie_path', '/');
3433
ini_set('session.cookie_domain', '');

src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
namespace Symfony\Component\HttpFoundation\Tests\Session\Storage;
1313

1414
use PHPUnit\Framework\TestCase;
15+
use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
1516
use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag;
1617
use Symfony\Component\HttpFoundation\Session\Flash\FlashBag;
1718
use Symfony\Component\HttpFoundation\Session\Storage\Handler\NativeFileSessionHandler;
@@ -32,6 +33,8 @@
3233
*/
3334
class NativeSessionStorageTest extends TestCase
3435
{
36+
use ExpectDeprecationTrait;
37+
3538
private string $savePath;
3639

3740
private $initialSessionSaveHandler;
@@ -215,10 +218,14 @@ public function testCacheExpireOption()
215218
}
216219

217220
/**
221+
* @group legacy
222+
*
218223
* The test must only be removed when the "session.trans_sid_tags" option is removed from PHP or when the "trans_sid_tags" option is no longer supported by the native session storage.
219224
*/
220225
public function testTransSidTagsOption()
221226
{
227+
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "trans_sid_tags" option is deprecated and will be ignored in Symfony 8.0.');
228+
222229
$previousErrorHandler = set_error_handler(function ($errno, $errstr) use (&$previousErrorHandler) {
223230
if ('ini_set(): Usage of session.trans_sid_tags INI setting is deprecated' !== $errstr) {
224231
return $previousErrorHandler ? $previousErrorHandler(...\func_get_args()) : false;
@@ -357,4 +364,24 @@ public function testSaveHandlesNullSessionGracefully()
357364

358365
$this->addToAssertionCount(1);
359366
}
367+
368+
/**
369+
* @group legacy
370+
*/
371+
public function testPassingDeprecatedOptions()
372+
{
373+
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "referer_check" option is deprecated and will be ignored in Symfony 8.0.');
374+
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "use_only_cookies" option is deprecated and will be ignored in Symfony 8.0.');
375+
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "use_trans_sid" option is deprecated and will be ignored in Symfony 8.0.');
376+
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "trans_sid_hosts" option is deprecated and will be ignored in Symfony 8.0.');
377+
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "trans_sid_tags" option is deprecated and will be ignored in Symfony 8.0.');
378+
379+
$this->getStorage([
380+
'referer_check' => 'foo',
381+
'use_only_cookies' => 'foo',
382+
'use_trans_sid' => 'foo',
383+
'trans_sid_hosts' => 'foo',
384+
'trans_sid_tags' => 'foo',
385+
]);
386+
}
360387
}

src/Symfony/Component/HttpFoundation/composer.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@
1717
],
1818
"require": {
1919
"php": ">=8.2",
20+
"symfony/deprecation-contracts": "^2.5|^3.0",
2021
"symfony/polyfill-mbstring": "~1.1",
2122
"symfony/polyfill-php83": "^1.27"
2223
},

0 commit comments

Comments
 (0)
0