This PR was merged into the 2.2 branch.
Commits
-------
54d7d25 [HttpKernel] hinclude fragment renderer must escape URIs properly to return valid html
Discussion
----------
[HttpKernel] hinclude fragment renderer must escape URIs properly to return valid html
| Q | A
| ------------- | ---
| Bug fix? | [yes]
| New feature? | [no]
| BC breaks? | [no]
| Deprecations? | [no]
| Tests pass? | [yes]
| Fixed tickets | [-]
| License | MIT
| Doc PR | [-]
Since rendering of hinclude fragments returns html/xml, it is marked as safe. So it's not auto-escaped of course. But that means it must properly escape it's input (the URI) when outputting in html context.
Btw, this does not need to be done for esi because esi tags are processed in middleware which do not go to the client/browser.
---------------------------------------------------------------------------
by Koc at 2013-02-15T22:59:05Z
Will it works correct when `arg_separator.output="&"`?
---------------------------------------------------------------------------
by stof at 2013-02-15T23:04:01Z
if your url comes form the routing, yes. It [does not rely on the default separator](https://github.com/symfony/Routing/blob/master/Generator/UrlGenerator.php#L265) to avoid issues when the separator is configured to ``&`` as it would have been escaped again in Twig templates for instance.
---------------------------------------------------------------------------
by fabpot at 2013-02-16T07:26:19Z
Can you include the proper PR header in the description? Thanks.
---------------------------------------------------------------------------
by Tobion at 2013-02-16T12:28:18Z
Added.
This PR was merged into the 2.2 branch.
Commits
-------
171cff0 [FrameworkBundle] Fix a BC for Hinclude global template
Discussion
----------
[FrameworkBundle] Fix a BC break for Hinclude global template
@fabpot should the one who broke BC write a UT for this ? (I won't have time in the next few days).
This PR was merged into the 2.1 branch.
Commits
-------
3e40c17 [HttpKernel] fixed locale management when exiting sub-requests
Discussion
----------
[HttpKernel] fixed locale management when exiting sub-requests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7063
| License | MIT
| Doc PR | n/a
This fix is temporary as #7007 will fix it properly in Symfony 2.3.
---------------------------------------------------------------------------
by vicb at 2013-02-17T20:17:44Z
changelog ?
---------------------------------------------------------------------------
by fabpot at 2013-02-17T20:27:22Z
The changelogs are updated when we release a new version only.
---------------------------------------------------------------------------
by stof at 2013-02-17T20:41:00Z
@fabpot the intl locale should be reset to the right value too
---------------------------------------------------------------------------
by stof at 2013-02-17T20:42:31Z
hmm sorry, I missed the fact that you are changing the locale in the Request again, which will set the intl one
This PR was merged into the 2.2 branch.
Commits
-------
a313188 added a proper setter for the templating servicein HInclude
Discussion
----------
added a proper setter for the templating servicein HInclude
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
---------------------------------------------------------------------------
by stof at 2013-02-17T12:44:40Z
👍
This PR was merged into the 2.2 branch.
Commits
-------
738de9a [HttpKernel] added a unit for the previous commit (closes#7025)
d0e4b76 [HttpFoundation] fixed, overwritten CONTENT_TYPE
Discussion
----------
Fixed content type when passed as a server value
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7025
| License | MIT
| Doc PR | n/a
---------------------------------------------------------------------------
by stof at 2013-02-17T14:51:35Z
👍
* 2.1:
[FrameworkBundle] tweaked reference dumper command (see #7093)
[HttpKernel] added some tests for previous merge
Fix REMOTE_ADDR for cached subrequests
[Process] Warn user with a useful message when tmpfile() failed
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ConfigDumpReferenceCommand.php
This PR was merged into the 2.1 branch.
Commits
-------
18b139d [FrameworkBundle] tweaked reference dumper command (see #7093)
Discussion
----------
[FrameworkBundle] tweaked reference dumper command (see #7093)
The same as #7093 just for 2.1.
This PR was merged into the 2.2 branch.
Commits
-------
b240d1f [BrowserKit] added a test to make sure HTTP authentication is preserved when submitting a form
Discussion
----------
[WIP]BrowserKit] added a test to make sure HTTP authentication is preserved
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets |
| License | MIT
| Doc PR |
Since #6995 BrowseKit no longer seems to preserve the HTTP authentication when submitting a form. This PR adds a test to demonstrate the failure.
---------------------------------------------------------------------------
by vicb at 2013-02-13T12:49:16Z
Thanks. Could you add a "[WIP]" prefix to the PR tittle and set "bug fix" to "no" for now ?
---------------------------------------------------------------------------
by sstok at 2013-02-13T13:59:42Z
done 👍
---------------------------------------------------------------------------
by fabpot at 2013-02-17T12:49:35Z
This cannot be related to #6995 as your test does not involve any HttpFoundation classes.
This PR was merged into the 2.2 branch.
Commits
-------
cb319ac [HttpKernel] added error display suppression when using the ErrorHandler (if not, errors are displayed twice, refs #6254)
Discussion
----------
[HttpKernel] added error display suppression when using the ErrorHandler (if not, errors are displayed twice, refs #6254)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
---------------------------------------------------------------------------
by bamarni at 2013-02-15T10:15:29Z
Are you sure this fixes the twice displaying issue? This is already done here : https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpKernel/Kernel.php#L99
Fatal errors are displayed twice in some situations because this handler gets registered twice, and it registers 2 times the same shutdown callback, a few lines below your change.
---------------------------------------------------------------------------
by fabpot at 2013-02-15T10:21:39Z
No, I've closed this #6254 as this is an Assetic issue, not a Symfony one.
This PR was squashed before being merged into the 2.2 branch (closes#7060).
Commits
-------
f842ae6 [FrameworkBundle] CSRF should be on by default
Discussion
----------
[FrameworkBundle] CSRF should be on by default
---------------------------------------------------------------------------
by stof at 2013-02-13T11:27:32Z
👍
---------------------------------------------------------------------------
by vicb at 2013-02-15T08:54:39Z
Oops seems like a file is missing... will update
---------------------------------------------------------------------------
by vicb at 2013-02-15T09:04:13Z
@fabpot the fix is fixed, ready to be merged !
---------------------------------------------------------------------------
by stloyd at 2013-02-15T09:05:24Z
Shouldn't this be noted in upgrade/changelog file? It's kinda of BC break...
---------------------------------------------------------------------------
by vicb at 2013-02-15T09:13:18Z
don't fix so, this is something I did break a few weeks ago, just reverting to how it is supposed to work.
---------------------------------------------------------------------------
by fabpot at 2013-02-15T09:49:21Z
If you broke CSRF configuration, I suppose that you also broke form, ESI, framgents, translator, validator, and profiler configuration, no (see fde7585)?
---------------------------------------------------------------------------
by vicb at 2013-02-15T09:51:51Z
Hey @fabpot I am not that BAD :)
"form, ESI, framgents, translator, validator, and profiler" are off by default. Only CSRF should be on by default.
This PR was squashed before being merged into the 2.2 branch (closes#6999).
Commits
-------
de0f7b7 [HttpFoundation] Added getter for httpMethodParameterOverride state
Discussion
----------
[HttpFoundation] Added getter for httpMethodParameterOverride state
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6984
| License | MIT
| Doc PR | ~
* 2.1:
added support for the X-Forwarded-For header (closes#6982, closes#7000)
fixed the IP address in HttpCache when calling the backend
[EventDispatcher] Added assertion.
[EventDispathcer] Fix removeListener
[DependencyInjection] Add clone for resources which were introduced in 2.1
[DependencyInjection] Allow frozen containers to be dumped to graphviz
Fix 'undefined index' error, when entering scope recursively
[Security] fixed session creation on login (closes#7011)
Add dot character `.` to legal mime subtype regular expression
[HttpFoundation] fixed the creation of sub-requests under some circumstancies (closes#6923, closes#6936)