Merge branch '5.2' into 5.x

* 5.2: (23 commits)
  [Console] Fix Windows code page support
  [SecurityBundle] Allow ips parameter in access_control accept comma-separated string
  [Form] Add TranslatableMessage support to choice_label option of ChoiceType
  Remove code that deals with legacy behavior of PHP_Incomplete_Class
  [Config][DependencyInjection] Uniformize trailing slash handling
  [PropertyInfo] Make ReflectionExtractor correctly extract nullability
  [PropertyInfo] fix attribute namespace with recursive traits
  [PhpUnitBridge] Fix tests with `@doesNotPerformAssertions` annotations
  Check redis extension version
  [Security] Update Russian translations
  [Notifier] Fix return SentMessage then Messenger not used
  [VarExporter] Add support of PHP enumerations
  [Security] Added missing Japanese translations
  [Security] Added missing Polish translations
  [Security] Add missing Italian translations #41051
  [Security] Missing translations pt_BR
  getProtocolVersion may return null
  Fix return type on isAllowedProperty method
  Make FailoverTransport always pick the first transport
  [TwigBridge] Fix HTML for translatable custom-file label in Bootstrap 4 theme
  ...

Author: nicolas-grekas

DependencyInjection/SecurityExtension.php

@@ -1026,7 +1026,7 @@ private function createRequestMatcher(ContainerBuilder $container, string $path
             foreach ($ips as $ip) {
                 $container->resolveEnvPlaceholders($ip, null, $usedEnvs);
 
-                if (!$usedEnvs && !$this->isValidIp($ip)) {
+                if (!$usedEnvs && !$this->isValidIps($ip)) {
                     throw new \LogicException(sprintf('The given value "%s" in the "security.access_control" config option is not a valid IP address.', $ip));
                 }
 
@@ -1084,6 +1084,25 @@ public function getConfiguration(array $config, ContainerBuilder $container)
         return new MainConfiguration($this->factories, $this->userProviderFactories);
     }
 
+    private function isValidIps($ips): bool
+    {
+        $ipsList = array_reduce((array) $ips, static function (array $ips, string $ip) {
+            return array_merge($ips, preg_split('/\s*,\s*/', $ip));
+        }, []);
+
+        if (!$ipsList) {
+            return false;
+        }
+
+        foreach ($ipsList as $cidr) {
+            if (!$this->isValidIp($cidr)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
     private function isValidIp(string $cidr): bool
     {
         $cidrParts = explode('/', $cidr);

Tests/DependencyInjection/SecurityExtensionTest.php

@@ -388,6 +388,33 @@ public function testRememberMeCookieInheritFrameworkSessionCookie($config, $same
         $this->assertEquals($secure, $definition->getArgument(3)['secure']);
     }
 
+    /**
+     * @dataProvider acceptableIpsProvider
+     */
+    public function testAcceptableAccessControlIps($ips)
+    {
+        $container = $this->getRawContainer();
+
+        $container->loadFromExtension('security', [
+            'providers' => [
+                'default' => ['id' => 'foo'],
+            ],
+            'firewalls' => [
+                'some_firewall' => [
+                    'pattern' => '/.*',
+                    'http_basic' => [],
+                ],
+            ],
+            'access_control' => [
+                ['ips' => $ips, 'path' => '/somewhere', 'roles' => 'IS_AUTHENTICATED_FULLY'],
+            ],
+        ]);
+
+        $container->compile();
+
+        $this->assertTrue(true, 'Ip addresses is successfully consumed: '.(\is_string($ips) ? $ips : json_encode($ips)));
+    }
+
     public function testCustomRememberMeHandler()
     {
         $container = $this->getRawContainer();
@@ -430,6 +457,16 @@ public function sessionConfigurationProvider()
         ];
     }
 
+    public function acceptableIpsProvider(): iterable
+    {
+        yield [['127.0.0.1']];
+        yield ['127.0.0.1'];
+        yield ['127.0.0.1, 127.0.0.2'];
+        yield ['127.0.0.1/8, 127.0.0.2/16'];
+        yield [['127.0.0.1/8, 127.0.0.2/16']];
+        yield [['127.0.0.1/8', '127.0.0.2/16']];
+    }
+
     public function testSwitchUserWithSeveralDefinedProvidersButNoFirewallRootProviderConfigured()
     {
         $container = $this->getRawContainer();