Merge branch '3.4' into 4.0

* 3.4:
  Update serializer.rst
  Tweak wording in Upgrading a Patch Version
  Reword the explanation about HTTP exceptions
  added documentation for author tag management
  be more clear about child form to be themed
  FIX : accessing global variable tokenStorage
  Wrong attribute serializer xml
  fix FormError access in Twig template
  class attribute still needed in some cases
  Be consistent how we write "core team"
  add missing redirection map entry
  Added a note about using the security checker independently
  Use the default article title
  Use "children" property instead of "child"
  Update web_server_configuration.rst
  Encore.configureUrlLoader() documentation
  Updated a Twig example

Author: javiereguiluz

_build/redirection_map

@@ -379,6 +379,7 @@
 /reference/configuration/assetic /frontend/assetic
 /security/target_path /security
 /security/csrf_in_login_form /security/csrf
+/service_container/service_locators /service_container/service_subscribers_locators
 /service_container/third_party /service_container
 /templating/templating_service /templates
 /testing/simulating_authentication /testing/http_authentication

components/serializer.rst

@@ -796,9 +796,8 @@ Here, we set it to 2 for the ``$child`` property:
                 http://symfony.com/schema/dic/serializer-mapping/serializer-mapping-1.0.xsd"
         >
             <class name="Acme\MyObj">
-                <attribute name="foo">
-                    <max-depth>2</max-depth>
-                </attribute>
+                <attribute name="foo" max-depth="2" />
+            </class>
         </serializer>
 
 The metadata loader corresponding to the chosen format must be configured in

contributing/code/core_team.rst

@@ -9,7 +9,7 @@ All the Symfony Core members are long-time contributors with solid technical
 expertise and they have demonstrated a strong commitment to drive the project
 forward.
 
-This document states the rules that govern the Symfony Core team. These rules
+This document states the rules that govern the Symfony core team. These rules
 are effective upon publication of this document and all Symfony Core members
 must adhere to said rules and protocol.
 
@@ -121,7 +121,7 @@ Active Core Members
 Former Core Members
 ~~~~~~~~~~~~~~~~~~~
 
-They are no longer part of the Core Team, but we are very grateful for all their
+They are no longer part of the core team, but we are very grateful for all their
 Symfony contributions:
 
 * **Bernhard Schussek** (`webmozart`_);

contributing/code/security.rst

@@ -11,13 +11,13 @@ Reporting a Security Issue
 If you think that you have found a security issue in Symfony, don't use the
 bug tracker and don't publish it publicly. Instead, all security issues must
 be sent to **security [at] symfony.com**. Emails sent to this address are
-forwarded to the Symfony core-team private mailing-list.
+forwarded to the Symfony core team private mailing-list.
 
 Resolving Process
 -----------------
 
 For each report, we first try to confirm the vulnerability. When it is
-confirmed, the core-team works on a solution following these steps:
+confirmed, the core team works on a solution following these steps:
 
 #. Send an acknowledgement to the reporter;
 #. Work on a patch;

contributing/code/standards.rst

@@ -260,7 +260,12 @@ Documentation
 * The ``@package`` and ``@subpackage`` annotations are not used;
 
 * Don't inline PHPDoc blocks, even when they contain just one tag (e.g. don't
-  put ``/** {@inheritdoc} */`` in a single line).
+  put ``/** {@inheritdoc} */`` in a single line);
+
+* When adding a new class or when making significant changes to an existing class,
+  an ``@author`` tag with personal contact information may be added, or expanded.
+  Please note it is possible to have the personal contact information updated or
+  removed per request to the doc:`core team </contributing/code/core_team>`.
 
 License
 ~~~~~~~

controller.rst

@@ -343,9 +343,12 @@ method is just a shortcut to create a special
 :class:`Symfony\\Component\\HttpKernel\\Exception\\NotFoundHttpException`
 object, which ultimately triggers a 404 HTTP response inside Symfony.
 
-Of course, you can throw any ``Exception`` class in your controller: Symfony will
-automatically return a 500 HTTP response code::
+If you throw an exception that extends or is an instance of
+:class:`Symfony\\Component\\HttpKernel\\Exception\\HttpException`, Symfony will
+use the appropriate HTTP status code. Otherwise, the response will have a 500
+HTTP status code::
 
+    // this exception ultimately generates a 500 status error
     throw new \Exception('Something went wrong!');
 
 In every case, an error page is shown to the end user and a full debug

form/form_customization.rst

@@ -382,7 +382,7 @@ You can also apply a form theme to a specific child of your form:
 
 .. code-block:: html+twig
 
-    {% form_theme form.child 'form/fields.html.twig' %}
+    {% form_theme form.a_child_form 'form/fields.html.twig' %}
 
 This is useful when you want to have a custom theme for a nested form that's
 different than the one of your main form. Just specify both your themes:
@@ -391,7 +391,7 @@ different than the one of your main form. Just specify both your themes:
 
     {% form_theme form 'form/fields.html.twig' %}
 
-    {% form_theme form.child 'form/fields_child.html.twig' %}
+    {% form_theme form.a_child_form 'form/fields_child.html.twig' %}
 
 Form Theming in PHP
 -------------------

frontend.rst

@@ -53,6 +53,7 @@ Optimizing
 * :doc:`Versioning (and the manifest.json file) </frontend/encore/versioning>`
 * :doc:`Using A CDN </frontend/encore/cdn>`
 * :doc:`Creating a "Shared" entry for re-used modules </frontend/encore/shared-entry>`
+* :doc:`/frontend/encore/url-loader`
 
 Guides
 ......

frontend/encore/url-loader.rst

@@ -0,0 +1,51 @@
+Inlining files in CSS with Webpack URL Loader
+=============================================
+
+A simple technique to improve the performance of web applications is to reduce
+the number of HTTP requests inlining small files as base64 encoded URLs in the
+generated CSS files.
+
+Webpack Encore provides this feature via Webpack's `URL Loader`_ plugin, but
+it's disabled by default. First, add the URL loader to your project:
+
+.. code-block:: terminal
+
+    $ yarn add --dev url-loader
+
+Then enable it in your ``webpack.config.js``:
+
+.. code-block:: javascript
+
+    // webpack.config.js
+    // ...
+
+    Encore
+        // ...
+        .configureUrlLoader({
+            fonts: { limit: 4096 },
+            images: { limit: 4096 }
+        })
+    ;
+
+The ``limit`` option defines the maximum size in bytes of the inlined files. In
+the previous example, font and image files having a size below or equal to 4 KB
+will be inlined and the rest of files will be processed as usual.
+
+You can also use all the other options supported by the `URL Loader`_. If you
+want to disable this loader for either images or fonts, remove the corresponding
+key from the object that is passed to the ``configureUrlLoader()`` method:
+
+.. code-block:: javascript
+
+    // webpack.config.js
+    // ...
+
+    Encore
+        // ...
+        .configureUrlLoader({
+            // 'fonts' is not defined, so only images will be inlined
+            images: { limit: 4096 }
+        })
+    ;
+
+.. _`URL loader`: https://github.com/webpack-contrib/url-loader

reference/dic_tags.rst

@@ -1079,7 +1079,7 @@ also have to be added as regular services:
     .. code-block:: yaml
 
         services:
-            Twig_Extensions_Extension_Intl:
+            Twig\Extensions\IntlExtension:
                 tags: [twig.extension]
 
     .. code-block:: xml
@@ -1091,7 +1091,7 @@ also have to be added as regular services:
                 http://symfony.com/schema/dic/services/services-1.0.xsd">
 
             <services>
-                <service id="Twig_Extensions_Extension_Intl">
+                <service id="Twig\Extensions\IntlExtension">
                     <tag name="twig.extension" />
                 </service>
             </services>
@@ -1100,7 +1100,7 @@ also have to be added as regular services:
     .. code-block:: php
 
         $container
-            ->register('Twig_Extensions_Extension_Intl')
+            ->register('Twig\Extensions\IntlExtension')
             ->addTag('twig.extension')
         ;
 

security/security_checker.rst

@@ -32,4 +32,11 @@ FriendsOfPHP organization.
     any of your dependencies is affected by a known security vulnerability.
     Therefore, you can easily integrate it in your build process.
 
+.. tip::
+
+    The security checker is also available as an independent console application
+    and distributed as a PHAR file so you can use it in any PHP application.
+    Check out the `Security Checker repository`_ for more details.
+
 .. _`security advisories database`: https://github.com/FriendsOfPHP/security-advisories
+.. _`Security Checker repository`: https://github.com/sensiolabs/security-checker

session/proxy_examples.rst

@@ -134,7 +134,7 @@ can intercept the session before it is written::
 
         private function getUser()
         {
-            if (!$token = $tokenStorage->getToken()) {
+            if (!$token = $this->tokenStorage->getToken()) {
                 return;
             }
 

setup/upgrade_patch.rst

@@ -21,6 +21,7 @@ update.
 .. tip::
 
     It is recommended to update to a new patch version as soon as possible, as
-    important bugs and security leaks may be fixed in these new releases.
+    important bugs and security vulnerabilities may be fixed in these new
+    releases.
 
 .. include:: /setup/_update_all_packages.rst.inc

setup/web_server_configuration.rst

@@ -121,7 +121,7 @@ and increase web server performance:
         </Directory>
         ErrorLog /var/log/apache2/project_error.log
         CustomLog /var/log/apache2/project_access.log combined
-        
+
         # optionally set the value of the environment variables used in the application
         #SetEnv APP_ENV prod
         #SetEnv APP_SECRET <app-secret-id>
@@ -176,7 +176,7 @@ listen on. Each pool can also be run under a different UID and GID:
     group = www-data
 
     ; use a unix domain socket
-    listen = /var/run/php7.1-fpm.sock
+    listen = /var/run/php/php7.1-fpm.sock
 
     ; or listen on a TCP socket
     listen = 127.0.0.1:9000
@@ -274,7 +274,7 @@ instead:
 
 .. code-block:: apache
 
-    FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket /var/run/php7.1-fpm.sock -pass-header Authorization
+    FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket /var/run/php/php7.1-fpm.sock -pass-header Authorization
 
 .. _web-server-nginx:
 
@@ -295,7 +295,7 @@ The **minimum configuration** to get your application running under Nginx is:
         }
 
         location ~ ^/index\.php(/|$) {
-            fastcgi_pass unix:/var/run/php7.1-fpm.sock;
+            fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
             fastcgi_split_path_info ^(.+\.php)(/.*)$;
             include fastcgi_params;
 

validation/severity.rst

@@ -148,10 +148,7 @@ so that the severity is added as an additional HTML class:
         {%- if errors|length > 0 -%}
         <ul>
             {%- for error in errors -%}
-                {% if error.constraint.payload.severity is defined %}
-                    {% set severity = error.constraint.payload.severity %}
-                {% endif %}
-                <li{% if severity is defined %} class="{{ severity }}"{% endif %}>{{ error.message }}</li>
+                <li class="{{ error.cause.constraint.payload.severity ?? '' }}">{{ error.message }}</li>
             {%- endfor -%}
         </ul>
         {%- endif -%}