This PR was squashed before being merged into the 2.3 branch (closes#13039).
Discussion
----------
[HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
Hi everyone!
We at trivago had an issue with the Request object. It seems that all versions of symfony 2.x and 3.x are affected from this (possible) bug (don't checked 1.x).
Here is the problem:
some old legacy pages are deployed in the Document Root, let's say /var/www/www.test.com/ .
one or more new applications based on symfony are deployed to /var/release/new_app1/ , /var/release/new_app2/ , ... .
in /var/www/www.test.com/ there is a symlink "app" to /var/release/new_app1/web, like:
/var/www/www.test.com/app --> /var/release/new_app1/web/
there is a "SEO"/human-readable rewrite rule for Document Root (if called path/file not exist): (.*) --> app/app.php
the problem comes, when the user calls a uri starting with "app" or whatever the rewrite rule / symlink points to:
the user calls "http://www.test.com/apparthotel-1234"
results in $_SERVER parameters like this
```
'DOCUMENT_ROOT' =>'/var/www/www.test.com',
'SCRIPT_FILENAME' => '/var/www/www.test.com/app/app.php',
'SCRIPT_NAME' => '/app/app.php',
'PHP_SELF' => '/app/app.php/apparthotel-1234'
```
in Request::prepareBaseUrl() there are checks to find the baseUrl:
```
if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, $baseUrl)) {
// full $baseUrl matches
return $prefix;
}
if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, dirname($baseUrl))) {
// directory portion of $baseUrl matches
return rtrim($prefix, '/');
}
```
first it is checked if (in our case) "/app/app.php" is in the request uri (/apparthotel-1234).
it's not.
then it takes the dirname (of /app/app.php) which is /app and checks if it is in the request uri (/apparthotel-1234), and YES, it is! and "/app" is returned, but this is wrong, it should be empty (because it comes from a rewrite rule from root: /)!
later in preparePathInfo(), if there is a baseUrl, then the baseUrl is removed from the request uri:
/apparthotel-1234 ---> /arthotel-1234
The cause is, the second baseUrl check, checks if the path of the application is already in the uri, like when the request was "http://www.test.com/app/apparthotel-1234" and hit a rewrite rule like (.*) --> app.php in there, but because it matches a directory it must match "dirname($baseUrl) . '/'".
I also needed to fix one unit test of the getBaseUrl test:
the request uri recently was "/foo%20bar".
but from the $_SERVER infos "foo bar" is a directory, see:
```
'SCRIPT_FILENAME' => '/home/John Doe/public_html/foo bar/app.php',
'SCRIPT_NAME' => '/foo bar/app.php',
'PHP_SELF' => '/foo bar/app.php',
```
webservers will redirect a request "http://www.test.com/foo%20bar" to "http://www.test.com/foo%20bar/" when "foo bar" is a directory. checked this for apache 2.x and nginx 1.4.x.
this fix is for symfony master (3.0.x, see #13039).
I also prepared a merge request for actual 2.7 branch, it will also follow in some minutes. (see #13040)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | this, #13040, #13038, #7329
| License | MIT
[HttpFoundation] [Request]
* added missing slash to baseUrl-path part check to remove the path, only when it's also a path in the uri
[HttpFoundation] [Tests] [RequestTest]
* fixed and added unittests
This is the symfony 2.3 branch fix for the issue related to #13038 and #13040
Happy christmas!
Commits
-------
3a3ecd3 [HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
This PR was squashed before being merged into the 2.3 branch (closes#13250).
Discussion
----------
[Twig][Bridge][TranslationDefaultDomain] add support of named arguments.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | #10859
| Tests pass? | yes
| License | MIT
Commits
-------
02bc23a [Twig][Bridge][TranslationDefaultDomain] add support of named arguments.
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Improved exception message if the data class is not found
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12359, #12367
| License | MIT
| Doc PR | -
Commits
-------
4145836 [Form] Improved exception message if the data class is not found
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] execute cheaper checks before more expensive ones
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Minor improvements to the checks as suggested by @stof in #13262.
Commits
-------
cd4349d execute cheaper checks before more expensive ones
This PR was submitted for the 2.5 branch but it was merged into the 2.3 branch instead (closes#13332).
Discussion
----------
[Console] ArgvInput and empty tokens
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
If an empty token is provided (from automated tools, or on purpose when running a command), the argument getter was not checking the other tokens, as '' == false in php, which is the stop condition of the while loop in this method.
This method should now rely on the count of tokens rather than on the value of the return of `array_shift`
If the fix is removed on the ArgvInput, the test `testGetParameterOptionEqualSign` should fail, as it shows why this fix is needed (last line of its provider `provideGetParameterOptionValues`)
This is relevant on 2.4+, but as 2.4 has stopped expecting bug fixes since july 2014, I based this PR on 2.5+. So this should be merged in 2.5, 2.6, 2.7 and possibly on master. This should also be cherry-pickable on 2.3 (as it is the current LTS)
Commits
-------
afa1e20 Fixes ArgvInput's argument getter with empty tokens
If an empty token is provided (from automated tools, or on purpose when
running a command), the argument getter was not checking the other
tokens, as '' == false in php, which is the stop condition of the while
loop in this method.
This method should now rely on the count of tokens rather than the value
of the return of array_shift
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#13293).
Discussion
----------
[EventDispatcher] Add missing checks to RegisterListenersPass
* Support services using a parameter for their class name.
* Prevent abstract services as event subscribers.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
0a50b63 [EventDispatcher] Add missing checks to RegisterListenersPass
* Support services using a parameter for their class name.
* Prevent abstract services as event subscribers.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] Improve YAML boolean escaping
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13209
| License | MIT
| Doc PR | None
This PR ensures that PHP [values which would be interpreted as booleans][1] in older versions of the YAML spec are escaped with single quotes when dumped by the Dumper.
For example, dumping this:
```php
array(
'country_code' => 'no',
'speaks_norwegian' => 'y',
'heating' => 'on',
)
```
Will produce this YAML:
```yaml
country_code: 'no'
speaks_norwegian: 'y'
heating: 'on'
```
[1]: http://yaml.org/type/bool.html
Commits
-------
8fa056b Inline private 'is quoting required' methods in Escaper
afe827a Merge pull request #2 from larowlan/patch-2
a0ec0fe Add comment as requested
1e0633e Merge pull request #1 from larowlan/patch-1
81a8090 Remove duplicate 'require'
3760e67 [Yaml] Improve YAML boolean escaping
This PR was merged into the 2.3 branch.
Discussion
----------
[Debug] fix loading order for legacy classes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13416
| License | MIT
| Doc PR | -
Looks like declaration order is important.
Commits
-------
cb34789 [Debug] fix loading order for legacy classes
This PR was merged into the 2.3 branch.
Discussion
----------
fix missing comma in YamlDumper
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The YamlDumper were missing commas between tag attributes.
See https://github.com/rosstuck/TuckConverterBundle/issues/6
Commits
-------
f600d1a fix missing comma in YamlDumper
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#13365).
Discussion
----------
[HttpFoundation] Make use of isEmpty() method
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
fc51d54 [HttpFoundation] Make use of isEmpty() method
This PR was merged into the 2.3 branch.
Discussion
----------
[PropertyAccessor] Allow null value for a array (2.3)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12482
| License | MIT
| Doc PR | -
Original PR is #12511
A rebase on 2.3 was requested by @fabpot
Commits
-------
9706b09 [PropertyAccessor] Added test to allow null value for a array
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Set a child type to text if added to the form without a type.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13167
| License | MIT
| Doc PR | -
This copies the behaviour of `FormBuilder::create()` to `Form::add()`.
ping @webmozart
Commits
-------
57070a2 [Form] Set a child type to text if added to the form without a type.
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#13334).
Discussion
----------
[Yaml] Fixed#10597: Improved Yaml directive parsing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10597
| License | MIT
| Doc PR | N/A
There was a problem with the regular expression used to process the YAML directive. The modifier `s` made the regex too greedy, replacing everything but the last line of the YAML. Existing tests using the YAML directive contained only one line, that's why they were passing.
Commits
-------
95d8ce3 [Yaml] Fixed#10597: Improved Yaml directive parsing
This PR was squashed before being merged into the 2.3 branch (closes#13286).
Discussion
----------
[Security] Don't destroy the session on buggy php releases.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13269, #13283
| License | MIT
| Doc PR | none
See #13269 for the discussion. This workaround avoids destroying the old session after login on the migrate strategy when running under a php version that we know to be broken.
Corresponding php bug: https://bugs.php.net/bug.php?id=63379
Commits
-------
5d0b527 [Security] Don't destroy the session on buggy php releases.
This PR was squashed before being merged into the 2.3 branch (closes#13231).
Discussion
----------
[WIP] Made help information of commands more consistent
| Q | A
| --- | ---
| Test pass | Not yet
| License | MIT
| Fixed tickets | -
Commits
-------
602d687 [WIP] Made help information of commands more consistent
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] fix failing test
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fix failing tests on 2.3 with components=high
Commits
-------
064799a [2.3] fix failing test
This PR was merged into the 2.3 branch.
Discussion
----------
CS: add missing param names to @param annotation
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
as stated by @stof [here](https://github.com/symfony/symfony/pull/12886#issuecomment-68626732)
Commits
-------
665825b add missing param names to @param annotation
This PR was merged into the 2.3 branch.
Discussion
----------
Improve the composer root version setting on Travis
The previous implementation was setting dev-master in all branches. This was working fine only because the dev-master branch alias was never updated in maintenance branches, and so dev-master was aliased as 2.3.x-dev in the 2.3 branch.
Commits
-------
01f7a3a Improve the composer root version setting on Travis
Daniel Beyer
Fabien Potencier
rkerner
Abdellatif Ait boudad
Baptiste Clavié
Christian Flothmann
Lorenz Schori
pthompson
Nicolas Grekas
Alexander Schwenn
Massimiliano Arione
Warnar Boekkooi
victoria
Alexander M. Turek
WouterJ
Peter Thompson
Lee Rowlands