This PR was squashed before being merged into the 2.3 branch (closes#13286).
Discussion
----------
[Security] Don't destroy the session on buggy php releases.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13269, #13283
| License | MIT
| Doc PR | none
See #13269 for the discussion. This workaround avoids destroying the old session after login on the migrate strategy when running under a php version that we know to be broken.
Corresponding php bug: https://bugs.php.net/bug.php?id=63379
Commits
-------
5d0b527 [Security] Don't destroy the session on buggy php releases.
This PR was squashed before being merged into the 2.3 branch (closes#13231).
Discussion
----------
[WIP] Made help information of commands more consistent
| Q | A
| --- | ---
| Test pass | Not yet
| License | MIT
| Fixed tickets | -
Commits
-------
602d687 [WIP] Made help information of commands more consistent
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] fix failing test
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fix failing tests on 2.3 with components=high
Commits
-------
064799a [2.3] fix failing test
This PR was merged into the 2.3 branch.
Discussion
----------
CS: add missing param names to @param annotation
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
as stated by @stof [here](https://github.com/symfony/symfony/pull/12886#issuecomment-68626732)
Commits
-------
665825b add missing param names to @param annotation
This PR was merged into the 2.3 branch.
Discussion
----------
Improve the composer root version setting on Travis
The previous implementation was setting dev-master in all branches. This was working fine only because the dev-master branch alias was never updated in maintenance branches, and so dev-master was aliased as 2.3.x-dev in the 2.3 branch.
Commits
-------
01f7a3a Improve the composer root version setting on Travis
- Moves dumping single-quoting logic into Yaml\Escaper
- Ensures that PHP values which would be interpreted as booleans in
older versions of the YAML spec are escaped with single quotes when
dumped by the Dumper.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] missing cleanup for legacy test
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
7e929ab [2.3] missing cleanup for legacy test
This PR was merged into the 2.3 branch.
Discussion
----------
[Filesystem] enforce umask while testing
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Having a predictable umask (but not the usual one) should help (TDD for #13222).
When merging in 2.5, the patch should be moved to the new `FilesystemTestCase`
Commits
-------
1e547be [Filesystem] enforce umask while testing
This PR was merged into the 2.3 branch.
Discussion
----------
[TwigBridge] moved fixtures into their own directory
Commits
-------
0b775cd [TwigBridge] moved fixtures into their own directory
This PR was merged into the 2.3 branch.
Discussion
----------
[TwigBundle] added missing @deprecated tags
The `Symfony\Bundle\TwigBundle\Extension\ActionsExtension` class has been deprecated in Symfony 2.2 but we forgot to deprecate the related classes.
Commits
-------
82f8a79 [TwigBundle] added missing @deprecated tags
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] Update README.md
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
The ability to pass file names to Yaml::parse() was deprecated in 2.2 and will be removed in 3.0. So show an up-to-date example.
Commits
-------
bab98f0 [Yaml] Update README.md
The previous implementation was setting dev-master in all branches. This
was working fine only because the dev-master branch alias was never
updated in maintenance branches, and so dev-master was aliased as
2.3.x-dev in the 2.3 branch.
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#12417).
Discussion
----------
[HttpFoundation] Fix an issue caused by php's Bug #66606.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
75df4a6 [HttpFoundation] Fix an issue caused by php's Bug #66606.
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#13200).
Discussion
----------
Don't add Accept-Range header on unsafe HTTP requests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12556
| License | MIT
| Doc PR | N/A
Commits
-------
24a287f Don't add Accept-Range header on unsafe HTTP requests
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#13210).
Discussion
----------
simplify hasScheme method
... and correct the mistake in docblock
Commits
-------
ad0d93b simplify hasScheme method
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#12491).
Discussion
----------
[Security] Don't send remember cookie for sub request
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Remember cookie shouldn't be sent for sub request
Commits
-------
ec38936 adapted previous commit for 2.3
119b091 [Security] Don't send remember cookie for sub request
This PR was submitted for the 2.5 branch but it was merged into the 2.3 branch instead (closes#12574).
Discussion
----------
[HttpKernel] Fix UriSigner::check when _hash is not at the end of the uri
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I have a weird server installation behind Varnish that rewrite the signed URL to add the _hash at the end of the url queries.
Exemple :
URL called: http://exemple.com/page?foo=bar&_hash=123
URL received by PHP: http://exemple.com/page?_hash=123&foo=bar
When the _hash is not at the end of the URL, the UriSigner fail to verify it even if the _hash is correct.
The fix rewrites the check function to use parse_url and parse_str to analyse the URI and check the signature.
Commits
-------
29b217c [HttpKernel] Fix UriSigner::check when _hash is not at the end of the uri