This PR was squashed before being merged into the 2.3 branch (closes#11403).
Discussion
----------
[Translator][FrameworkBundle] Added @ to the list of allowed chars in Translator
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11396
| License | MIT
Commits
-------
3176f8b [Translator][FrameworkBundle] Added @ to the list of allowed chars in Translator
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Process] Use correct test for empty string in UnixPipes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR supersedes #11264 : 2.3 compatibility + Windows compatibility + CS fix
Commits
-------
cec0a45 [Process] Adjust PR #11264, make it Windows compatible and fix CS
9e1ea4a [Process] Use correct test for empty string in UnixPipes
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Process] Fix unit tests on Windows platform
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
Commits
-------
d418935 [Process] Fix unit tests on Windows platform
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fix to prevent magic bytes injection in JSONP responses... (CVE-2014-4671)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no*
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
| CVE Ticket | [CVE-2014-4671](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4671)
| See Also | [Rosetta Flash](http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/)
\* Unless you are parsing the response string manually, which you really shouldn't do anyway
**THIS IS A SECURITY FIX AND SHOULD BE MERGED SHORTLY**
This fix prevents attacks vectors where third-party browser plugins depends on ASCII magic bytes in order to execute a plugin. This is currently exploited with Flash using a carefully crafted JSONP response, allowing the execution of random SWF data from a domain with a vulnerable JSONP endpoint.
This security issue is mitigated by adding an empty comment right before the callback parameter. This does not affect the execution of the JSONP callback.
Commits
-------
6af3d05 [HttpFoundation] Fix to prevent magic bytes injection in JSONP responses (Prevents CVE-2014-4671)
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Validator] Fix UserPassword validator translation
| Q | A
| ------------- | ---
| Fixed tickets | None
| License | MIT
Fixes the UserPassword translation message only for 2.3 as discussed in symfony/symfony#11383.
Commits
-------
73d50ed Fix UserPassword validator translation
This PR was merged into the 2.3 branch.
Discussion
----------
Remove Spaceless Blocks from Twig Form Templates
In favor of using Twig's whitespace control operators. See #11277
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11277
| License | MIT
| Doc PR |
Per @fabpot and @stof's requests in #11278, this is a PR for the 2.3 branch.
Commits
-------
8f9ed3e Remove Spaceless Blocks from Twig Form Templates
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][HttpFoundation] Fix wrong assertion in Response test
| Q | A
| ------------- | ---
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Tests pass? | yes
| License | MIT
Commits
-------
3d63f80 [HttpFoundation] Fix wrong assertion in Response test
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#9719).
Discussion
----------
[TwigBundle] fix configuration tree for paths
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8171
| License | MIT
| Doc PR | na
This is a joint effort with @mdavis1982 and @cordoval 👶 pairing up and warming for hacking day in Warsaw
Commits
-------
9aa88e4 added regression test
4201d41 fix issue #8171 on configuration tree for twig extension -- pairing up with @cordoval
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Form] Cleanup & fix phpdocs
| Q | A
| ------------- | ---
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Tests pass? | yes
| License | MIT
This PR was done mostly cause of reports about invalid/not supported types/variables in phpstorm/scrutinizer-ci, and after I started fixing I noticed more problems in those phpdocs so I have cleanedup them a bit.
Commits
-------
a67bc76 [2.3][Form] Cleanup & fix phpdocs
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#11244).
Discussion
----------
[HttpFoundation] Remove body-related headers when sending the response, if body is empty
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I've updated the implementation for informational and 204 or 304 responses. They will now, as they have no content, not return headers like `content-type` or `content-length`.
I'm unsure about `content-length` - we could also set it hardcoded to zero ... but I thought, that (because the specs say that it just can't have a response-body) the system should not return anything here.
Commits
-------
9dbe89d [HttpFoundation] Remove content-related headers if content is empty
This PR was merged into the 2.3 branch.
Discussion
----------
remove defaults from PHPUnit configuration
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | --
| License | MIT
| Doc PR | --
Follow-up to #11329.
Commits
-------
afc4930 removed defaults from PHPUnit configuration
This PR was merged into the 2.3 branch.
Discussion
----------
add XSD to PHPUnit configuration
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | --
| License | MIT
| Doc PR | --
The syntax check functionality has been removed in PHPUnit 3.6 already. But there's no Composer constraint for PHPUnit, so you can never know which version will actually be used to run tests. Let me know what you think.
Commits
-------
84b5581 added XSD to PHPUnit configuration
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Ensure the storage exists before purging it in ProfilerTest
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11319
| License | MIT
| Doc PR | None
Commits
-------
eb63270 bug #11319 [HttpKernel] Ensure the storage exists before purging it in ProfilerTest
This PR was merged into the 2.3 branch.
Discussion
----------
Simplified the Travis test command
There is no reason to turn a failure into a different failure. And this will avoid Travis to say that the "false" command failed.
Commits
-------
e8d01c9 Simplified the Travis test command
This PR was submitted for the 2.5 branch but it was merged into the 2.3 branch instead (closes#11238).
Discussion
----------
[Translation] Added unescaping of ids in PoFileLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Although it is not directly described in gettext docs, _msgid_ should be unescaped too. The other reason to unescape _msgid_ is symmetry between ```PoFileLoader``` and ```PoFileDumper```. The dumper escapes both _msgid_ and _msgstr_ values, but the loader unescapes only _msgstr_.
Commits
-------
816a4a9 [Translation] Added unescaping of ids in PoFileLoader
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#11246).
Discussion
----------
[Validator] updated italian translations
Commits
-------
b74afe0 updated italian translation for validation messages
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] Fix Link docblocks and formatting
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
re #11194
Commits
-------
5cbe13e [DomCrawler] Fix docblocks and formatting.