This PR was merged into the master branch.
Discussion
----------
[HttpFoundation] added a way to override the Request class
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7461, #7453
| License | MIT
| Doc PR | symfony/symfony-docs#3021
This is an alternative implementation for #7461.
I've also reverted #7381 and #7390 as these changes are not needed anymore.
Todo:
- [ ] add some tests
Commits
-------
464439d [HttpFoundation] added a way to override the Request class
* 2.3:
fixed Client when using the terminable event
Fix problem with Windows file links (backslash in JavaScript string)
[Security] fixed wrong phpdoc
[DependencyInjection] Prevented inlining of lazy loaded private service definitions.
[Routing] removed extra argument
[HttpFoundation] Header `HTTP_X_FORWARDED_PROTO` can contain various values Some proxies use `ssl` instead of `https`, as well as Lighttpd mod_proxy allows value chaining (`https, http`, where `https` is always first when request is encrypted).
Added doc comments
Conflicts:
src/Symfony/Component/Routing/Router.php
src/Symfony/Component/Security/Http/Firewall.php
* 2.2:
fixed Client when using the terminable event
Fix problem with Windows file links (backslash in JavaScript string)
[Security] fixed wrong phpdoc
[Routing] removed extra argument
[HttpFoundation] Header `HTTP_X_FORWARDED_PROTO` can contain various values Some proxies use `ssl` instead of `https`, as well as Lighttpd mod_proxy allows value chaining (`https, http`, where `https` is always first when request is encrypted).
Added doc comments
Conflicts:
src/Symfony/Component/HttpFoundation/Request.php
Some proxies use `ssl` instead of `https`, as well as Lighttpd mod_proxy allows
value chaining (`https, http`, where `https` is always first when request is encrypted).
* 2.3:
fixes RequestDataCollector bug, visible when used on Drupal8
[Console] fixed exception rendering when nested styles
[Console] added some more information about OutputFormatter::replaceStyle()
[Console] fixed the formatter for single-char tags
[Console] Escape exception message during the rendering of an exception
[DomCrawler] fixed HTML5 form attribute handling
Making tests pass on mac os x without this change tests would fail under mac os x at least in 10.8.2
[BrowserKit] Fixed the handling of parameters when redirecting
[Process] Properly close pipes after a Process::stop call
fixed bytes conversion when used on 32-bits systems
Typo fix
HttpFoundation RequestTest - Fixed indentation and removed comments
HttpFoundation Request test for #8619
LICENSE files moved to meta folders
added missing method in the UPGRADE file for 2.2 (closes#8941)
[Form] Fixed: "required" attribute is not added to <select> tag if no empty value
[Translation] Removed an unneeded return annotation.
[DomCrawler] Added missing docblocks and removed unneeded return annotation.
Conflicts:
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
* 2.2:
fixes RequestDataCollector bug, visible when used on Drupal8
[Console] fixed exception rendering when nested styles
[Console] added some more information about OutputFormatter::replaceStyle()
[Console] fixed the formatter for single-char tags
[Console] Escape exception message during the rendering of an exception
[BrowserKit] Fixed the handling of parameters when redirecting
Typo fix
HttpFoundation RequestTest - Fixed indentation and removed comments
HttpFoundation Request test for #8619
LICENSE files moved to meta folders
added missing method in the UPGRADE file for 2.2 (closes#8941)
[Translation] Removed an unneeded return annotation.
[DomCrawler] Added missing docblocks and removed unneeded return annotation.
Conflicts:
src/Symfony/Component/BrowserKit/Client.php
src/Symfony/Component/DomCrawler/Crawler.php
* 2.3:
[WebProfilerBundle] fixed toolbar for IE8 (refs #8380)
[HttpFoundation] removed double-slashes (closes#8388)
[HttpFoundation] tried to keep the original Request URI as much as possible to avoid different behavior between ::createFromGlobals() and ::create()
[TwigBridge] fixed form rendering when used in a template with dynamic inheritance
* 2.2:
[HttpFoundation] removed double-slashes (closes#8388)
[HttpFoundation] tried to keep the original Request URI as much as possible to avoid different behavior between ::createFromGlobals() and ::create()
[TwigBridge] fixed form rendering when used in a template with dynamic inheritance
* 2.3:
[HttpFoundation] removed extra parenthesis
[Process][2.2] Fix Process component on windows
[HttpFoundation] improve perf of previous merge (refs #8882)
Request->getPort() should prefer HTTP_HOST over SERVER_PORT
Fixing broken http auth digest in some circumstances (php-fpm + apache).
fixed typo
Conflicts:
src/Symfony/Component/Process/Process.php
* 2.2:
[HttpFoundation] removed extra parenthesis
[Process][2.2] Fix Process component on windows
[HttpFoundation] improve perf of previous merge (refs #8882)
Request->getPort() should prefer HTTP_HOST over SERVER_PORT
Fixing broken http auth digest in some circumstances (php-fpm + apache).
fixed typo
Conflicts:
src/Symfony/Component/Process/Process.php
* 2.3:
[Locale] fixed build-data exit code in case of an error
fixed request format of sub-requests when explicitely set by the developer (closes#8787)
Sets _format attribute only if it wasn't set previously by the user.
Exclude little words of 'ee' to 'oo' plural transformation
fixed the format of the request used to render an exception
Fix typo in the check_path validator
added a missing use statement (closes#8808)
fix for Process:isSuccessful()
Include untrusted host in the exception message
Conflicts:
src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php
src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
* 2.2:
Fix getPort() returning 80 instead of 443 when X-FORWARDED-PROTO is set to https
[Translation] fixed a unit test
Conflicts:
src/Symfony/Component/HttpFoundation/Request.php
This PR was squashed before being merged into the master branch (closes#7559).
Discussion
----------
[HttpFoundation] [HttpKernel] Internal sub-requests should have X-Forwarded-For header providing real client IP
This is a better alternative to fix issue highlighted in #7554 and #7557.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7554, #7557
| License | MIT
When dealing with inline fragment renderer, it emulates an internal request by overriding the REMOTE_ADDR on Request. This is true, since conceptually request came from local server.
The problem that this introduces is that overriding the server value, it turns into an impossible state to retrieve the real client ip, only returning the local server IP (which is hardcoded to 127.0.0.1).
This patch takes the same approach as a Varnish call (it behaves the exact same way, reusing all code built for handling client ip handling on sub-requests), populating the X-Forwarded-For header and also making getClientIp smarter by removing possible local IP addresses from being considered as the client IP address.
Commits
-------
773e109 [HttpFoundation] [HttpKernel] Internal sub-requests should have X-Forwarded-For header providing real client IP
* 2.2:
[Config] #7644 add tests for passing number looking attributes as strings
[HttpFoundation][BrowserKit] fixed path when converting a cookie to a string
[BrowserKit] removed dead code
[HttpFoundation] fixed empty domain= in Cookie::__toString()
fixed detection of secure cookies received over https
[2.2] Pass ESI header to subrequests
[Translation] removed an uneeded class property
[Translation] removed unneeded getter/setter
[Translator] added additional conversion for encodings other than utf-8
fixed source messages to accept pluralized messages [Validator][translation][japanese] add messages for new validator
fix a DI circular reference recognition bug
[HttpFoundation] fixed the creation of sub-requests under some circumstances for IIS
Conflicts:
src/Symfony/Component/HttpFoundation/Tests/CookieTest.php
* 2.1:
[HttpFoundation][BrowserKit] fixed path when converting a cookie to a string
[BrowserKit] removed dead code
[HttpFoundation] fixed empty domain= in Cookie::__toString()
fixed detection of secure cookies received over https
[Translation] removed an uneeded class property
[Translation] removed unneeded getter/setter
[Translator] added additional conversion for encodings other than utf-8
fix a DI circular reference recognition bug
[HttpFoundation] fixed the creation of sub-requests under some circumstances for IIS
This PR was merged into the 2.1 branch.
Discussion
----------
[HttpFoundation] fixes creation of sub requests under IIS & Rewite Module
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6936, #6923
| License | MIT
| Doc PR | N/A
There are a few bugs to address.
1. `HTTP_X_ORIGINAL_URL` wasn't removed from the server parameters, so is picked back up [here](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/ServerBag.php#L33) upon recreation of a sub request.
2. When `X_ORIGINAL_URL` is passed in the headers by IIS, `IIS_WasUrlRewritten` and `UNENCODED_URL` can also be passed as server vars, so they must also be removed for sub request URI's to be resolved correctly.
Additionally, I have removed the OS check for windows, because it was only done for 2 out of 4 of the IIS specific checks, and it made the code untestable.
Also added tests for all scenarios as there were none.
Commits
-------
9fcd2f6 [HttpFoundation] fixed the creation of sub-requests under some circumstances for IIS
* 2.2:
Fix default value handling for multi-value options
[HttpKernel] truncate profiler token to 6 chars (see #7665)
Disabled APC on Travis for PHP 5.5+ as it is not available
[HttpFoundation] do not use server variable PATH_INFO because it is already decoded and thus symfony is fragile to double encoding of the path
Fix download over SSL using IE < 8 and binary file response
[Console] Fix merging of application definition, fixes#7068, replaces #7158
[HttpKernel] fixed the Kernel when the ClassLoader component is not available (closes#7406)
fixed output of bag values
[Yaml] improved boolean naming ($notEOF -> !$EOF)
[Yaml] fixed handling an empty value
[Routing][XML Loader] Add a possibility to set a default value to null
[Console] fixed handling of "0" input on ask
The /e modifier for preg_replace() is deprecated in PHP 5.5; replace with preg_replace_callback()
fixed handling of "0" input on ask
[HttpFoundation] Fixed bug in key searching for NamespacedAttributeBag
[Form] DateTimeToRfc3339Transformer use proper transformation exteption in reverse transformation
Update PhpEngine.php
[PropertyAccess] Add objectives to pluralMap
[Security] Removed unused var
[HttpFoundation] getClientIp is fixed.
Conflicts:
src/Symfony/Component/Console/Tests/Command/CommandTest.php
src/Symfony/Component/Console/Tests/Input/ArgvInputTest.php
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.1:
Fix default value handling for multi-value options
[HttpKernel] truncate profiler token to 6 chars (see #7665)
Disabled APC on Travis for PHP 5.5+ as it is not available
[HttpFoundation] do not use server variable PATH_INFO because it is already decoded and thus symfony is fragile to double encoding of the path
[Yaml] improved boolean naming ($notEOF -> !$EOF)
[Yaml] fixed handling an empty value
[Routing][XML Loader] Add a possibility to set a default value to null
The /e modifier for preg_replace() is deprecated in PHP 5.5; replace with preg_replace_callback()
[HttpFoundation] Fixed bug in key searching for NamespacedAttributeBag
[Form] DateTimeToRfc3339Transformer use proper transformation exteption in reverse transformation
Update PhpEngine.php
[HttpFoundation] getClientIp is fixed.
Conflicts:
.travis.yml
src/Symfony/Component/Routing/Loader/XmlFileLoader.php
src/Symfony/Component/Routing/Loader/schema/routing/routing-1.0.xsd
src/Symfony/Component/Routing/Tests/Fixtures/validpattern.xml
src/Symfony/Component/Routing/Tests/Loader/XmlFileLoaderTest.php
The getClientIp now returns ip of the earliest server in a proxy chain when all the servers in the chain are trusted proxies. Before this patch the getClientIp used to return null at such condition.
Some appropriate tests are added.