6.0.2 (2019-10-14)

Overview of merged pull requests

BUGFIX: Add the FlashMessageComponent to http chain

This unfortunately got lost when rebasing the feature and was unnoticed till now.

Needs to be ‘after setSessionCookie’ because that component always overrides the ‘Set-Cookie’ header right now (see #1810). Apparently, flash message CookieStorage doesn’t play well with this, hence we also need to change the default storage to SessionStorage at least until that is resolved.

Resolves #1807

  • Packages: Flow

TASK: FluidAdaptor cleanup

See #1761 for the “trigger” to this one.

It attempts to clean up outdated code and assumptions about the code of TYPO3 Fluid that no longer hold.

BUGFIX: Don’t overwrite previous Set-Cookie headers in the session component

This would e.g. overwrite cookies set with the FlashMessage CookieStorage.

Related to #1807

Replacement for #1808 targeted onto 5.1

  • Packages: Flow

BUGFIX: fix double “//” encoding in some URLs

## Problem Description

(this is hard to explain, checked into this with @bwaidelich).

In case all of the following conditions are met:

  1. RoutePartHandler with custom hostname - you have a custom RoutePartHandler, which… - returns a ResolveResult, which … - switches to a different hostname (using ->withHost(…)
  2. and you create a link through through this route,

then: the URL contains two slashes after the hostname (i.e. http://my-host//test).

## Steps to Reproduce

(see test case)

## Root Cause Analysis

### Preamble

With Flow 6.0, a very subtle change to the URL handling happened:

```php if ($this->getAuthority() === ‘’) { … } elseif (isset($this->path[0]) && $this->path[0] !== ‘/’) {

‘The path of a URI with an authority must start with a slash “/” or be empty. Automagically fixing the URI ‘ . ‘by adding a leading slash to the path is deprecated since version 1.4 and will throw an exception instead.’, E_USER_DEPRECATED

); $this->path = ‘/’. $this->path; //throw new \InvalidArgumentException(‘The path of a URI with an authority must start with a slash “/” or be empty’);



This means Guzzle normalizes all URL parts to start with leading slashes, but only if we have an authority set (i.e. a host).

### Usage in Flow

In Flow, we had the following logic:

  • UriBuilder::build() contains a call to RequestInformationHelper::getScriptRequestPath(), which always generates a path starting with a “/”. Thus, $uriPathPrefix there contains at least a /.
  • Additional Gimmick: In the constructor of ResolveContext, some logic has been added with #1215 ( + #1185 ), which lead to the situation that even if $uriPathPrefix would be empty and $forceAbsoluteUri would be `true`, *the `$uriPathPrefix` would still be set to `/`*
  • This is then used in Router::resolve(), where the path prefix (/) from the afoementioned ResolveContext is applied to the $uriConstraints.
  • Now, in UriConstraints::applyTo(), the following block is executed:
if (isset($this->constraints[self::CONSTRAINT_PATH]) && $this->constraints[self::CONSTRAINT_PATH] !== $templateUri->getPath()) {
$uri = $uri->withPath($this->constraints[self::CONSTRAINT_PATH]);

} if (isset($this->constraints[self::CONSTRAINT_PATH_PREFIX])) {

$uri = $uri->withPath($this->constraints[self::CONSTRAINT_PATH_PREFIX] . $uri->getPath());



In the first if-block, the URI path is set. Normally, this is a non-absolute path, but guzzle normalizes this to be an absolute path (see the section above).

Then comes the second if-block, where a / is prepended to the absolute path, leading to the // situation.

NOTE: This error can only be triggered when the RoutePartHandler returns a *different* host than the original one; as otherwise, the auto-prefixing is not done in Guzzle..

## How to fix this

  • We simply trim the $uriPathPrefix to not start with / in the UriBuilder.
  • Additionally, we add safeguards in ResolveContext so that the $uriPathPrefix is never starting with a /.
  • Additionally, we add safeguards in UriConstraints so that the withPathPrefix is never generating a prefix starting with a /.

Finally, we do a cleanup; moving code related to base-URLs-with-paths around a bit (see #1215 + #1185 ); so that this is actually done in the UriConstraints::applyTo method.

### Affected Versions

Flow 6.0.0

Resolves: #1803

<!– Thanks for your contribution, we appreciate it!

Please read through our pull request guidelines, there are some interesting things there: https://discuss.neos.io/t/creating-a-pull-request/506

And one more thing… Don’t forget about the tests! –>

What I did

How I did it

How to verify it


  • Packages: Flow

TASK: Set psalm baseline

This corrects some false positives

  • Packages: Flow FluidAdaptor

BUGFIX: Check for AbstractLazyCollection in CollectionValidator

Use more generic AbstractLazyCollection instead of PersistentCollection in isValid() of CollectionValidator to prevent lazy collection of classes extending AbstractLazyCollection to get loaded.

In our case we are extending the AbstractLazyCollection to add some additional functionality when handling lazy collections. Due to the final Implementation of PersistentCollection we are not able to extend this class.

During the isValid() check, all data in the collection is loaded from the database and we run into an out of memory error, because our collection is an instance of AbstractLazyCollection and not PersistentCollection.

I added an additional unit test collectionValidatorIsValidEarlyReturnsOnUnitializedDoctrineAbstractLazyCollections to the PR.

See #1796 (now targeting 4.3)

  • Packages: Flow

TASK: Fix documented return type for ViewInterface.render()

The render() in ViewInterface method used to return a string, but now that is no longer true. This makes the docblock list the return types that our ActionController handles, to lessen the potential for confusion.

  • Packages: Flow