Merge branch '4.4' into 5.0

* 4.4: (30 commits)
  [Security] Check UserInterface::getPassword is not null before calling needsRehash
  gracefully handle missing event dispatchers
  Fix TokenStorage::reset not called in stateless firewall
  [DotEnv] Remove `usePutEnv` property default value
  [HttpFoundation] get currently session.gc_maxlifetime if ttl doesnt exists
  Set up typo fix
  [DependencyInjection] Handle env var placeholders in CheckTypeDeclarationsPass
  [Cache] fix memory leak when using PhpArrayAdapter
  [Validator] Allow underscore character "_" in URL username and password
  [TwigBridge] Update bootstrap_4_layout.html.twig
  [FrameworkBundle][SodiumVault] Create secrets directory only when needed
  fix parsing negative octal numbers
  [SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
  [DependencyInjection] Resolve expressions in CheckTypeDeclarationsPass
  [SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
  do not validate passwords when the hash is null
  [DI] fix resolving bindings for named TypedReference
  [Config] never try loading failed classes twice with ClassExistenceResource
  [Mailer] Fix SMTP Authentication when using STARTTLS
  [DI] Fix making the container path-independent when the app is in /app
  ...

Author: nicolas-grekas

DependencyInjection/Compiler/AddSessionDomainConstraintPass.php

@@ -31,7 +31,7 @@ public function process(ContainerBuilder $container)
         }
 
         $sessionOptions = $container->getParameter('session.storage.options');
-        $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%s' : sprintf('(?:%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));
+        $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%%s' : sprintf('(?:%%%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.')));
 
         if ('auto' === ($sessionOptions['cookie_secure'] ?? null)) {
             $secureDomainRegexp = sprintf('{^https://%s$}i', $domainRegexp);

DependencyInjection/Compiler/RegisterTokenUsageTrackingPass.php

@@ -43,6 +43,7 @@ public function process(ContainerBuilder $container)
 
         if (!$container->has('session')) {
             $container->setAlias('security.token_storage', 'security.untracked_token_storage')->setPublic(true);
+            $container->getDefinition('security.untracked_token_storage')->addTag('kernel.reset', ['method' => 'reset']);
         } elseif ($container->hasDefinition('security.context_listener')) {
             $container->getDefinition('security.context_listener')
                 ->setArgument(6, [new Reference('security.token_storage'), 'enableUsageTracking']);

DependencyInjection/MainConfiguration.php

@@ -362,7 +362,13 @@ private function addEncodersSection(ArrayNodeDefinition $rootNode)
                         ->performNoDeepMerging()
                         ->beforeNormalization()->ifString()->then(function ($v) { return ['algorithm' => $v]; })->end()
                         ->children()
-                            ->scalarNode('algorithm')->cannotBeEmpty()->end()
+                            ->scalarNode('algorithm')
+                                ->cannotBeEmpty()
+                                ->validate()
+                                    ->ifTrue(function ($v) { return !\is_string($v); })
+                                    ->thenInvalid('You must provide a string value.')
+                                ->end()
+                            ->end()
                             ->arrayNode('migrate_from')
                                 ->prototype('scalar')->end()
                                 ->beforeNormalization()->castToArray()->end()