Merge branch '6.1' into 6.2

* 6.1:
  [HttpKernel] Fix test sensitivity on xdebug.file_link_format
  [HttpKernel] Fix non-scalar check in surrogate fragment renderer
  [HtmlSanitizer] Allow null for sanitizer option `allowed_link_hosts` and `allowed_media_hosts`
  [Serializer] Fix wrong needsNormalization in TraceableEncoder
  [Debug][ErrorHandler] fix operator precedence
  [Cache] Ensured that redis adapter can use multiple redis sentinel hosts
  [DoctrineBridge] fix tests
  [Security] Allow redirect after login to absolute URLs

Author: nicolas-grekas

DependencyInjection/Configuration.php

@@ -2224,9 +2224,13 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
                                         ->info('Allows only a given list of schemes to be used in links href attributes.')
                                         ->scalarPrototype()->end()
                                     ->end()
-                                    ->arrayNode('allowed_link_hosts')
+                                    ->variableNode('allowed_link_hosts')
                                         ->info('Allows only a given list of hosts to be used in links href attributes.')
-                                        ->scalarPrototype()->end()
+                                        ->defaultValue(null)
+                                        ->validate()
+                                            ->ifTrue(function ($v) { return !\is_array($v) && null !== $v; })
+                                            ->thenInvalid('The "allowed_link_hosts" parameter must be an array or null')
+                                        ->end()
                                     ->end()
                                     ->booleanNode('allow_relative_links')
                                         ->info('Allows relative URLs to be used in links href attributes.')
@@ -2236,9 +2240,13 @@ private function addHtmlSanitizerSection(ArrayNodeDefinition $rootNode, callable
                                         ->info('Allows only a given list of schemes to be used in media source attributes (img, audio, video, ...).')
                                         ->scalarPrototype()->end()
                                     ->end()
-                                    ->arrayNode('allowed_media_hosts')
+                                    ->variableNode('allowed_media_hosts')
                                         ->info('Allows only a given list of hosts to be used in media source attributes (img, audio, video, ...).')
-                                        ->scalarPrototype()->end()
+                                        ->defaultValue(null)
+                                        ->validate()
+                                            ->ifTrue(function ($v) { return !\is_array($v) && null !== $v; })
+                                            ->thenInvalid('The "allowed_media_hosts" parameter must be an array or null')
+                                        ->end()
                                     ->end()
                                     ->booleanNode('allow_relative_medias')
                                         ->info('Allows relative URLs to be used in media source attributes (img, audio, video, ...).')

Tests/DependencyInjection/Fixtures/php/html_sanitizer_default_allowed_link_and_media_hosts.php

@@ -0,0 +1,10 @@
+<?php
+
+$container->loadFromExtension('framework', [
+    'http_method_override' => false,
+    'html_sanitizer' => [
+        'sanitizers' => [
+            'custom_default' => null,
+        ],
+    ],
+]);

Tests/DependencyInjection/Fixtures/xml/html_sanitizer_default_allowed_link_and_media_hosts.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" ?>
+
+<container xmlns="http://symfony.com/schema/dic/services"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://symfony.com/schema/dic/services https://symfony.com/schema/dic/services/services-1.0.xsd
+                        http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
+
+    <config xmlns="http://symfony.com/schema/dic/symfony" http-method-override="false">
+        <html-sanitizer>
+            <sanitizer name="custom_default"/>
+        </html-sanitizer>
+    </config>
+</container>

Tests/DependencyInjection/Fixtures/yml/html_sanitizer_default_allowed_link_and_media_hosts.yml

@@ -0,0 +1,5 @@
+framework:
+    http_method_override: false
+    html_sanitizer:
+        sanitizers:
+            custom_default: ~

Tests/DependencyInjection/FrameworkExtensionTest.php

@@ -2111,6 +2111,15 @@ static function ($call) {
         $this->assertFalse($container->hasAlias(HtmlSanitizerInterface::class.' $default'));
     }
 
+    public function testHtmlSanitizerDefaultNullAllowedLinkMediaHost()
+    {
+        $container = $this->createContainerFromFile('html_sanitizer_default_allowed_link_and_media_hosts');
+
+        $calls = $container->getDefinition('html_sanitizer.config.custom_default')->getMethodCalls();
+        $this->assertContains(['allowLinkHosts', [null], true], $calls);
+        $this->assertContains(['allowMediaHosts', [null], true], $calls);
+    }
+
     public function testHtmlSanitizerDefaultConfig()
     {
         $container = $this->createContainerFromFile('html_sanitizer_default_config');