Merge branch '3.3' into 3.4
* 3.3: [Profiler] Fix request_collector check in main layout Github template: Remove EOM 3.2 from branch suggestion [Security] Fix security.interactive_login event const doc block Update Container.php: Deprecated -> @deprecated allow phpdocumentor/reflection-docblock >=3.2.1 Avoid infinite loops when profiler data is malformed [FrameworkBundle] Warmup annotations for bundle-less controllers and entities [HttpFoundation] Generate safe fallback filename for wrongly encoded filename
This commit is contained in:
commit
8be06c45f9
2
.github/PULL_REQUEST_TEMPLATE.md
vendored
2
.github/PULL_REQUEST_TEMPLATE.md
vendored
@ -1,6 +1,6 @@
|
|||||||
| Q | A
|
| Q | A
|
||||||
| ------------- | ---
|
| ------------- | ---
|
||||||
| Branch? | 3.4 or master / 2.7, 2.8, 3.2 or 3.3 <!-- see comment below -->
|
| Branch? | 3.4 or master / 2.7, 2.8 or 3.3 <!-- see comment below -->
|
||||||
| Bug fix? | yes/no
|
| Bug fix? | yes/no
|
||||||
| New feature? | yes/no <!-- don't forget updating src/**/CHANGELOG.md files -->
|
| New feature? | yes/no <!-- don't forget updating src/**/CHANGELOG.md files -->
|
||||||
| BC breaks? | yes/no
|
| BC breaks? | yes/no
|
||||||
|
@ -102,7 +102,7 @@
|
|||||||
"phpdocumentor/reflection-docblock": "^3.0"
|
"phpdocumentor/reflection-docblock": "^3.0"
|
||||||
},
|
},
|
||||||
"conflict": {
|
"conflict": {
|
||||||
"phpdocumentor/reflection-docblock": "<3.0||>=3.2.0",
|
"phpdocumentor/reflection-docblock": "<3.0||>=3.2.0,<3.2.1",
|
||||||
"phpdocumentor/type-resolver": "<0.2.0",
|
"phpdocumentor/type-resolver": "<0.2.0",
|
||||||
"phpunit/phpunit": "<4.8.35|<5.4.3,>=5.0"
|
"phpunit/phpunit": "<4.8.35|<5.4.3,>=5.0"
|
||||||
},
|
},
|
||||||
|
@ -259,8 +259,8 @@ class FrameworkExtension extends Extension
|
|||||||
}
|
}
|
||||||
|
|
||||||
$this->addAnnotatedClassesToCompile(array(
|
$this->addAnnotatedClassesToCompile(array(
|
||||||
'**Bundle\\Controller\\',
|
'**\\Controller\\',
|
||||||
'**Bundle\\Entity\\',
|
'**\\Entity\\',
|
||||||
|
|
||||||
// Added explicitly so that we don't rely on the class map being dumped to make it work
|
// Added explicitly so that we don't rely on the class map being dumped to make it work
|
||||||
'Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller',
|
'Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller',
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
{% set request_collector = profile.collectors.request|default(false) %}
|
{% set request_collector = profile.collectors.request|default(false) %}
|
||||||
{% if request_collector is defined and request_collector.redirect -%}
|
{% if request_collector and request_collector.redirect -%}
|
||||||
{%- set redirect = request_collector.redirect -%}
|
{%- set redirect = request_collector.redirect -%}
|
||||||
{%- set controller = redirect.controller -%}
|
{%- set controller = redirect.controller -%}
|
||||||
{%- set redirect_route = '@' ~ redirect.route %}
|
{%- set redirect_route = '@' ~ redirect.route %}
|
||||||
|
@ -111,7 +111,7 @@ class Container implements ResettableContainerInterface
|
|||||||
/**
|
/**
|
||||||
* Returns true if the container parameter bag are frozen.
|
* Returns true if the container parameter bag are frozen.
|
||||||
*
|
*
|
||||||
* Deprecated since 3.3, to be removed in 4.0.
|
* @deprecated since version 3.3, to be removed in 4.0.
|
||||||
*
|
*
|
||||||
* @return bool true if the container parameter bag are frozen, false otherwise
|
* @return bool true if the container parameter bag are frozen, false otherwise
|
||||||
*/
|
*/
|
||||||
|
@ -150,7 +150,7 @@ class BinaryFileResponse extends Response
|
|||||||
* Sets the Content-Disposition header with the given filename.
|
* Sets the Content-Disposition header with the given filename.
|
||||||
*
|
*
|
||||||
* @param string $disposition ResponseHeaderBag::DISPOSITION_INLINE or ResponseHeaderBag::DISPOSITION_ATTACHMENT
|
* @param string $disposition ResponseHeaderBag::DISPOSITION_INLINE or ResponseHeaderBag::DISPOSITION_ATTACHMENT
|
||||||
* @param string $filename Optionally use this filename instead of the real name of the file
|
* @param string $filename Optionally use this UTF-8 encoded filename instead of the real name of the file
|
||||||
* @param string $filenameFallback A fallback filename, containing only ASCII characters. Defaults to an automatically encoded filename
|
* @param string $filenameFallback A fallback filename, containing only ASCII characters. Defaults to an automatically encoded filename
|
||||||
*
|
*
|
||||||
* @return $this
|
* @return $this
|
||||||
@ -162,7 +162,7 @@ class BinaryFileResponse extends Response
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ('' === $filenameFallback && (!preg_match('/^[\x20-\x7e]*$/', $filename) || false !== strpos($filename, '%'))) {
|
if ('' === $filenameFallback && (!preg_match('/^[\x20-\x7e]*$/', $filename) || false !== strpos($filename, '%'))) {
|
||||||
$encoding = mb_detect_encoding($filename, null, true);
|
$encoding = mb_detect_encoding($filename, null, true) ?: '8bit';
|
||||||
|
|
||||||
for ($i = 0, $filenameLength = mb_strlen($filename, $encoding); $i < $filenameLength; ++$i) {
|
for ($i = 0, $filenameLength = mb_strlen($filename, $encoding); $i < $filenameLength; ++$i) {
|
||||||
$char = mb_substr($filename, $i, 1, $encoding);
|
$char = mb_substr($filename, $i, 1, $encoding);
|
||||||
|
@ -69,6 +69,17 @@ class BinaryFileResponseTest extends ResponseTestCase
|
|||||||
$this->assertSame('attachment; filename="f__.html"; filename*=utf-8\'\'f%C3%B6%C3%B6.html', $response->headers->get('Content-Disposition'));
|
$this->assertSame('attachment; filename="f__.html"; filename*=utf-8\'\'f%C3%B6%C3%B6.html', $response->headers->get('Content-Disposition'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testSetContentDispositionGeneratesSafeFallbackFilenameForWronglyEncodedFilename()
|
||||||
|
{
|
||||||
|
$response = new BinaryFileResponse(__FILE__);
|
||||||
|
|
||||||
|
$iso88591EncodedFilename = utf8_decode('föö.html');
|
||||||
|
$response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $iso88591EncodedFilename);
|
||||||
|
|
||||||
|
// the parameter filename* is invalid in this case (rawurldecode('f%F6%F6') does not provide a UTF-8 string but an ISO-8859-1 encoded one)
|
||||||
|
$this->assertSame('attachment; filename="f__.html"; filename*=utf-8\'\'f%F6%F6.html', $response->headers->get('Content-Disposition'));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @dataProvider provideRanges
|
* @dataProvider provideRanges
|
||||||
*/
|
*/
|
||||||
|
@ -142,11 +142,19 @@ class FileProfilerStorage implements ProfilerStorageInterface
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$profileToken = $profile->getToken();
|
||||||
|
// when there are errors in sub-requests, the parent and/or children tokens
|
||||||
|
// may equal the profile token, resulting in infinite loops
|
||||||
|
$parentToken = $profile->getParentToken() !== $profileToken ? $profile->getParentToken() : null;
|
||||||
|
$childrenToken = array_filter(array_map(function ($p) use ($profileToken) {
|
||||||
|
return $profileToken !== $p->getToken() ? $p->getToken() : null;
|
||||||
|
}, $profile->getChildren()));
|
||||||
|
|
||||||
// Store profile
|
// Store profile
|
||||||
$data = array(
|
$data = array(
|
||||||
'token' => $profile->getToken(),
|
'token' => $profileToken,
|
||||||
'parent' => $profile->getParentToken(),
|
'parent' => $parentToken,
|
||||||
'children' => array_map(function ($p) { return $p->getToken(); }, $profile->getChildren()),
|
'children' => $childrenToken,
|
||||||
'data' => $profile->getCollectors(),
|
'data' => $profile->getCollectors(),
|
||||||
'ip' => $profile->getIp(),
|
'ip' => $profile->getIp(),
|
||||||
'method' => $profile->getMethod(),
|
'method' => $profile->getMethod(),
|
||||||
|
@ -34,7 +34,7 @@
|
|||||||
"doctrine/annotations": "~1.0"
|
"doctrine/annotations": "~1.0"
|
||||||
},
|
},
|
||||||
"conflict": {
|
"conflict": {
|
||||||
"phpdocumentor/reflection-docblock": "<3.0||>=3.2.0",
|
"phpdocumentor/reflection-docblock": "<3.0||>=3.2.0,<3.2.1",
|
||||||
"phpdocumentor/type-resolver": "<0.2.0",
|
"phpdocumentor/type-resolver": "<0.2.0",
|
||||||
"symfony/dependency-injection": "<3.3"
|
"symfony/dependency-injection": "<3.3"
|
||||||
},
|
},
|
||||||
|
@ -14,8 +14,11 @@ namespace Symfony\Component\Security\Http;
|
|||||||
final class SecurityEvents
|
final class SecurityEvents
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* The INTERACTIVE_LOGIN event occurs after a user is logged in
|
* The INTERACTIVE_LOGIN event occurs after a user has actively logged
|
||||||
* interactively for authentication based on http, cookies or X509.
|
* into your website. It is important to distinguish this action from
|
||||||
|
* non-interactive authentication methods, such as:
|
||||||
|
* - authentication based on your session.
|
||||||
|
* - authentication using a HTTP basic or HTTP digest header.
|
||||||
*
|
*
|
||||||
* @Event("Symfony\Component\Security\Http\Event\InteractiveLoginEvent")
|
* @Event("Symfony\Component\Security\Http\Event\InteractiveLoginEvent")
|
||||||
*
|
*
|
||||||
|
Reference in New Issue
Block a user