* 2.3:
[Request] Ignore invalid IP addresses sent by proxies
Able to load big xml files with DomCrawler
fixed typo
[Form] Fix constraints could be null if not set
[Finder] Check PHP version before applying a workaround for a PHP bug
fixed CS
sort bundles in config:dump-reference command
Fixer findings.
* 2.3:
[Process] Remove a misleading comment
Improve the phpdoc of SplFileInfo methods
[Process] Use stream based storage to avoid memory issues
Fixed the documentation of VoterInterface::supportsAttribute
Remove useless duplicated tests
[FrameworkBundle] Optimize framework extension tests
Use is_subclass_of instead of Reflection when possible
* 2.3:
[travis] timeout the sigchild tests at 60s
CS: Single line comments should use double slashes (//) and not hash (#).
Do not use HttpKernel Extension when not needed
bumped Symfony version to 2.3.37
updated VERSION for 2.3.36
update CONTRIBUTORS for 2.3.36
updated CHANGELOG for 2.3.36
use nowdoc instead of heredoc
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ConfigDumpReferenceCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/RouterApacheDumperCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/RouterMatchCommand.php
src/Symfony/Bundle/FrameworkBundle/Translation/Translator.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Config/Tests/Definition/Dumper/YamlReferenceDumperTest.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Routing/Generator/Dumper/PhpGeneratorDumper.php
* 2.3:
Fix undefined array $server
[ProxyManager] Tmp fix composer reqs issue in ZF
Add missing exclusions from phpunit.xml.dist
Fix the server variables in the router_*.php files
[Validator] Allow an empty path with a non empty fragment or a query
The following change adds support for Armenian pluralization.
[2.3][Process] fix Proccess run with pts enabled
Conflicts:
composer.json
src/Symfony/Bridge/ProxyManager/composer.json
src/Symfony/Bundle/DebugBundle/phpunit.xml.dist
src/Symfony/Component/Security/phpunit.xml.dist
* 2.6:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.3:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[2.6] Static Code Analysis for Components and Bundles
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
Remove duplicate example
Remove var not used due to returning early (introduced in 8982c32)
Enhance hhvm test skip message
* 2.3:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
Remove var not used due to returning early (introduced in 8982c32)
Enhance hhvm test skip message
* 2.6:
[Validator] remove partial deprecation annotation
Updated UPGRADE-2.4.md
[Form] Support DateTimeImmutable in transform()
[Form] add test to avoid regression of #14891
without this change allways the legacy code get called
[Form] Fix call to removed method (BC broken in 2.3)
[HttpFoundation] Get response content as resource several times for PHP >= 5.6
Improved duplicated code in FileLocator
* 2.3:
[Form] Support DateTimeImmutable in transform()
[Form] Fix call to removed method (BC broken in 2.3)
[HttpFoundation] Get response content as resource several times for PHP >= 5.6
Improved duplicated code in FileLocator
* 2.6: (30 commits)
[Translation] fixed JSON loader on PHP 7 when file is empty
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
fixed typo
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
[2.6] Fix HTML escaping of to-source links
Fix HTML escaping of to-source links
ExceptionHandler: More Encoding
Fix the rendering of deprecation log messages
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
Fixed the indentation in the compiled template for the DumpNode
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/Debug/ExceptionHandler.php
* 2.3:
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
Fix HTML escaping of to-source links
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
fixed typo
Update README.md
[HttpKernel] Handle an array vary header in the http cache store
[Security][Translation] fixes#14584
[Framework] added test for Router commands.
Handled bearer authorization header in REDIRECT_ form
Conflicts:
src/Symfony/Component/Debug/ExceptionHandler.php
This PR was squashed before being merged into the 2.3 branch (closes#14335).
Discussion
----------
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13617
| License | MIT
| Doc PR |
When the script filename is just /index.php, dirname() returns '/' for it. In Request::prepareBaseUrl() we append '/' to it (as introduced in #13039), which is wrong in this scenario as the resulting string is '//'.
When we rtrim('/') the output of dirname() then '/' would be constructed in this case, and in all other cases it makes no difference as dirname() already trims the right forward slash if there are path segments.
The test-cases should clarify the exact scenario.
Commits
-------
f24a6dd [HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
* 2.6: (25 commits)
[2.6] link to https://symfony.com where possible
Do not override PHP constants, only use when available
link to https://symfony.com where possible
[FrameworkBundle] Added missing log in server:run command
[Finder] Only use GLOB_BRACE when available
[HttpFoundation] Allow curly braces in trusted host patterns
Fix merge
Fix typo in variable name
[profiler][security] check authenticated user by tokenClass instead of username.
[WebProfiler] fix html syntax for input types
[TwigBundle] Fix deprecated use of FlattenException
[DependencyInjection] Removed extra strtolower calls
Use https://symfony.com/search for searching
[Debug] PHP7 compatibility with BaseException
[Validator] Fixed Choice when an empty array is used in the "choices" option
Fixed tests
[StringUtil] Fixed singularification of 'selfies'
Fix Portuguese (Portugal) translation for Security
improved exception when missing required component
[DependencyInjection] resolve circular reference
...
Conflicts:
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/config.html.twig
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Security/README.md
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Validator/README.md
* 2.3:
link to https://symfony.com where possible
[FrameworkBundle] Added missing log in server:run command
[HttpFoundation] Allow curly braces in trusted host patterns
[profiler][security] check authenticated user by tokenClass instead of username.
Use https://symfony.com/search for searching
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Test/WebTestCase.php
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Routing/composer.json
src/Symfony/Component/Security/README.md
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Validator/README.md
* 2.6: (24 commits)
[HttpKernel] Embed the original exception as previous to bounced exceptions
[Enhancement] netbeans - force interactive shell when limited detection
[FrameworkBundle] fixes displaying of deprecation notices.
Revert "Added missing changelog entry"
[Debug] Tweak docblocks
[Debug] Rework a bit the PHP doc
Added missing changelog entry
[StringUtil] Fixed singularification of 'movies'
[Debug] Renamed "context" key to "scope_vars" to avoid any ambiguity
Fix some phpdocs for Twig extensions & templating helpers
[Debug] Made code in ErrorHandler easier to read
Use specialized config methods instead of the generic ifTrue() method
Fix the AJAX profiling
bumped Symfony version to 2.6.7
updated VERSION for 2.6.6
updated CHANGELOG for 2.6.6
Safe escaping of fragments for eval()
bumped Symfony version to 2.3.28
updated VERSION for 2.3.27
update CONTRIBUTORS for 2.3.27
...
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
bumped Symfony version to 2.3.28
updated VERSION for 2.3.27
update CONTRIBUTORS for 2.3.27
updated CHANGELOG for 2.3.27
isFromTrustedProxy to confirm request came from a trusted proxy.
Safe escaping of fragments for eval()
Conflicts:
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpKernel/HttpCache/Esi.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6:
Fix small coding style
[2.3] Static Code Analysis for Components
[Form] fixed phpdoc
CS: Convert double quotes to single quotes
Fixed MongoODM entity loader. Improved loading behavior of entities and documents by reusing entity loader.
[Validator] added Japanese translation for unmatched charset (id: 80)
[WebProfilerBundle] fixed undefined buttons.
[WebProfilerBundle] Fix javascript toolbar on IE8
[DependencyInjection] Highest precedence for user parameters
bumped Symfony version to 2.6.6
[Translation][MoFileLoader] fixed load empty translation.
updated VERSION for 2.6.5
updated CHANGELOG for 2.6.5
bumped Symfony version to 2.3.27
updated VERSION for 2.3.26
update CONTRIBUTORS for 2.3.26
updated CHANGELOG for 2.3.26
[HttpKernel] UriSigner::buildUrl - default params for http_build_query
Conflicts:
src/Symfony/Bridge/Propel1/Tests/DataCollector/PropelDataCollectorTest.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php
src/Symfony/Component/Validator/Resources/translations/validators.ja.xlf
* 2.6:
Minor plural/singular change
print error message if server couldn't be started
[HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
[Twig][Bridge][TranslationDefaultDomain] add support of named arguments.
[Form] Improved exception message if the data class is not found
Fixes ArgvInput's argument getter with empty tokens
execute cheaper checks before more expensive ones
[DependencyInjection] Fix missing ExpressionLanguageProviders on extension bild
[FrameworkBundle] FormDataCollector should be loaded only if form config is enabled
* 2.3:
[HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
[Twig][Bridge][TranslationDefaultDomain] add support of named arguments.
[Form] Improved exception message if the data class is not found
Fixes ArgvInput's argument getter with empty tokens
execute cheaper checks before more expensive ones
Conflicts:
src/Symfony/Component/Form/FormConfigBuilder.php
This PR was squashed before being merged into the 2.3 branch (closes#13039).
Discussion
----------
[HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
Hi everyone!
We at trivago had an issue with the Request object. It seems that all versions of symfony 2.x and 3.x are affected from this (possible) bug (don't checked 1.x).
Here is the problem:
some old legacy pages are deployed in the Document Root, let's say /var/www/www.test.com/ .
one or more new applications based on symfony are deployed to /var/release/new_app1/ , /var/release/new_app2/ , ... .
in /var/www/www.test.com/ there is a symlink "app" to /var/release/new_app1/web, like:
/var/www/www.test.com/app --> /var/release/new_app1/web/
there is a "SEO"/human-readable rewrite rule for Document Root (if called path/file not exist): (.*) --> app/app.php
the problem comes, when the user calls a uri starting with "app" or whatever the rewrite rule / symlink points to:
the user calls "http://www.test.com/apparthotel-1234"
results in $_SERVER parameters like this
```
'DOCUMENT_ROOT' =>'/var/www/www.test.com',
'SCRIPT_FILENAME' => '/var/www/www.test.com/app/app.php',
'SCRIPT_NAME' => '/app/app.php',
'PHP_SELF' => '/app/app.php/apparthotel-1234'
```
in Request::prepareBaseUrl() there are checks to find the baseUrl:
```
if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, $baseUrl)) {
// full $baseUrl matches
return $prefix;
}
if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, dirname($baseUrl))) {
// directory portion of $baseUrl matches
return rtrim($prefix, '/');
}
```
first it is checked if (in our case) "/app/app.php" is in the request uri (/apparthotel-1234).
it's not.
then it takes the dirname (of /app/app.php) which is /app and checks if it is in the request uri (/apparthotel-1234), and YES, it is! and "/app" is returned, but this is wrong, it should be empty (because it comes from a rewrite rule from root: /)!
later in preparePathInfo(), if there is a baseUrl, then the baseUrl is removed from the request uri:
/apparthotel-1234 ---> /arthotel-1234
The cause is, the second baseUrl check, checks if the path of the application is already in the uri, like when the request was "http://www.test.com/app/apparthotel-1234" and hit a rewrite rule like (.*) --> app.php in there, but because it matches a directory it must match "dirname($baseUrl) . '/'".
I also needed to fix one unit test of the getBaseUrl test:
the request uri recently was "/foo%20bar".
but from the $_SERVER infos "foo bar" is a directory, see:
```
'SCRIPT_FILENAME' => '/home/John Doe/public_html/foo bar/app.php',
'SCRIPT_NAME' => '/foo bar/app.php',
'PHP_SELF' => '/foo bar/app.php',
```
webservers will redirect a request "http://www.test.com/foo%20bar" to "http://www.test.com/foo%20bar/" when "foo bar" is a directory. checked this for apache 2.x and nginx 1.4.x.
this fix is for symfony master (3.0.x, see #13039).
I also prepared a merge request for actual 2.7 branch, it will also follow in some minutes. (see #13040)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | this, #13040, #13038, #7329
| License | MIT
[HttpFoundation] [Request]
* added missing slash to baseUrl-path part check to remove the path, only when it's also a path in the uri
[HttpFoundation] [Tests] [RequestTest]
* fixed and added unittests
This is the symfony 2.3 branch fix for the issue related to #13038 and #13040
Happy christmas!
Commits
-------
3a3ecd3 [HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
