This PR was merged into the 2.7 branch.
Discussion
----------
Update misleading comment about RFC4627
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
RFC 4627 does not dictate escaping of HTML special characters
Commits
-------
72b6c9e Update misleading comment about RFC4627
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Dont close the reponse stream in debug
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19078
| License | MIT
| Doc PR | -
Because it's `terminate`'s job to clean the state, not the `Response`'s,
and because the current behavior prevents getting any output on trailing errors on FPM especially.
Commits
-------
2fbc200 [HttpKernel] Dont close the output stream in debug
This PR was merged into the 2.7 branch.
Discussion
----------
[Session] fix PDO transaction aborted under PostgreSQL
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14641
| License | MIT
| Doc PR |
Fixes the transactional concurrency error handling for PostgreSQL which does not allow to execute further queries in a transaction with an error.
Because of the loop, look at the diff with whitespace ignored to see the difference: https://github.com/symfony/symfony/pull/19101/files?w=1
Commits
-------
f8eefa0 [Session] fix PDO transaction aborted under PostgreSQL
* 2.3:
Update HTTP statuses list
[Console][#18619] Prevent fatal error when calling Command#getHelper() without helperSet
Add SplFileInfo array doc on Finder iterator methods so that IDE will know what it returns
[2.3] [Form] Modified iterator_to_array's 2nd parameter to false in ViolationMapper
Updated the link to the list of currency codes
* 2.3:
[HttpFoundation] Improve phpdoc
[Logging] Add support for firefox in ChromePhpHandler
[Security] Fixed SwitchUserListener when exiting an impersonication with AnonymousToken
[Form] fix "prototype" not required when parent form is not required
Improve the phpdoc for the `$default` parameter of the `get()` method. It wasn't clear when the default value would be used (whether the key would not exist or the value was `null` or nullish).
The comment is now in sync with `Symfony\Component\HttpFoundation\ParameterBag::get()`.
* 2.3:
[travis] Disable hirak/prestissimo for deps=low/high tests
[HttpFoundation] fix phpdoc of UploadedFile
[ci] Skip dns-sensitive tests when DnsMock is not found
Optimize ReplaceAliasByActualDefinitionPass
[Process] use __METHOD__ where applicable
Conflicts:
.travis.yml
src/Symfony/Component/DependencyInjection/Compiler/ReplaceAliasByActualDefinitionPass.php
src/Symfony/Component/Process/Process.php
src/Symfony/Component/Process/ProcessBuilder.php
* 2.3:
bumped Symfony version to 2.3.40
set s-maxage only if all responses are cacheable
updated VERSION for 2.3.39
update CONTRIBUTORS for 2.3.39
updated CHANGELOG for 2.3.39
Improved the "branch" row of the PR table
Fix typos #18090 1. PHPs session design to PHP's session design 2. Symfony HttpKernel offers to Symfony's HttpKernel offers 3. in which case it it should to in which case it should
Fix for Isssue #18091
replace perfom by perform
minor #18088 Fix typo for profiler
1. PHPs session design to PHP's session design
2. Symfony HttpKernel offers to Symfony's HttpKernel offers
3. in which case it it should to in which case it should
* 2.3:
[ci] use hirak/prestissimo
[Filesystem] Fix transient tests
[HttpFoundation] Avoid warnings when checking malicious IPs
[HttpFoundation] Set the Content-Range header if the requested Range is unsatisfied
Conflicts:
appveyor.yml
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Set the Content-Range header if the requested Range is unsatisfied
| Q | A
| ------------- | ---
| Branch | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This is a followup to https://github.com/symfony/symfony/pull/17150#issuecomment-174509954
[RFC2616](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) specifies the Content-Range header SHOULD be included with a *416 Requested Range Not Satisfiable* response:
> When this status code is returned for a byte-range request, the response SHOULD include a Content-Range entity-header field specifying the current length of the selected resource (see section 14.16). This response MUST NOT use the multipart/byteranges content- type.
[RFC 7233](https://tools.ietf.org/html/rfc7233#section-4.2) specifies what should be the header's value. It's in the "Request for comments" state, but it's the best definition I could find. This value is valid according to rfc2616 as well.
Commits
-------
54329d8 [HttpFoundation] Set the Content-Range header if the requested Range is unsatisfied
* 2.3:
[Finder] Partially revert #17134 to fix a regression
[HttpKernel] Fix mem usage when stripping the prod container
exception when registering bags for started sessions
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] exception when registering bags for started sessions
| Q | A
| ------------- | ---
| Branch | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10707, #16136
| License | MIT
| Doc PR |
Commits
-------
c4a5b67 exception when registering bags for started sessions
* 2.3:
[HttpFoundation] Fix transient test
[HttpFoundation] Add a dependency on the mbstring polyfill
add readme files where missing
Don't use reflections when possible
[Form] Update form tests after the ICU data update
[Intl] Update tests and the number formatter to match behaviour of the intl extension
[Intl] Update the ICU data to version 55
[Intl] Fix the update-data.php script in preparation for ICU 5.5
Use constant instead of function call.
fixed test name
automatically generate safe fallback filename
Conflicts:
src/Symfony/Component/Debug/Debug.php
src/Symfony/Component/HttpFoundation/composer.json
src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
