This PR was merged into the 2.6-dev branch.
Discussion
----------
[HttpFoundation] enhance PdoSessionHandler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5483, #2067, #2382, #9029
| License | MIT
0. [x] Continuation of locking implementation (#10908): Implement different locking strategies
- `PdoSessionHandler::LOCK_TRANSACTIONAL` (default): Issues a real row lock but requires a transaction
- `PdoSessionHandler::LOCK_ADVISORY`: app-level lock, safe as long as only the PdoSessionHandler accesses sessions, advantage is it does not require a transaction (not implemented for oracle or sqlsrv yet)
- `PdoSessionHandler::LOCK_NONE`: basically what is was before, prone to race conditions, means the last session write wins
1. [x] Save session data as binary: Encoding session data was definitely the wrong solution. Session data is binary text (esp. when using other session.serialize_handler) that must stay as-is and thus must also be safed in a binary column. Base64 encoding session data just decreses performance and increases storage costs and is semantically wrong because it does not have a character encoding.
That saving null bytes in Posgres won't work on a character column is also documented
> First, binary strings specifically allow storing octets of value zero and other "non-printable" octets (usually, octets outside the range 32 to 126). Character strings disallow zero octets, and also disallow any other octet values and sequences of octet values that are invalid according to the database's selected character set encoding.
http://www.postgresql.org/docs/9.1/static/datatype-binary.html#DATATYPE-BINARY-TABLE
2. [x] Implement lazy connections that are only opened when session is used by either passing a dsn string explicitly or falling back to session.save_path ini setting. Fixes#9029
3. [x] add a create table method that creates the correct table depending on database vendor. This makes the class self-documenting and standalone useable.
5. [x] add lifetime column to session table which allows to have different lifetimes for each session
6. [x] add isSessionExpired() method to be able to distinguish between a new session and one that expired due to inactivity, e.g. to display flash message to user
7. [x] added upgrade and changelog notes
Commits
-------
1bc6680 [HttpFoundation] implement different locking strategies for sessions
6f5748e adjust sqlite table definition
5978fcf added upgrade and changelog notes for PdoSessionHandler
182a5d3 [HttpFoundation] add create table method to pdo session handler
e79229d [HttpFoundation] allow different lifetime per session
af1bb1f add test for null byte in session data
251238d [HttpFoundation] implement lazy connect for pdo session handler
7dad54c [HttpFoundation] remove base64 encoding of session data
* 2.5:
[Doc] Use Markdown syntax highlighting
[Finder] tweaked docs
[Finder] Add info about possibilities offered by SplFileInfo
fixed CS
[Security][Http][Authentication] Make a test pass on HHVM
fix components tests
[Intl] FIxed failing test
[Intl] Generated the data for ICU version 54-rc
[EventDispatcher] fix doc bloc on EventDispatcherInterface
[Validator] Update validators.zh_CN.xlf, fix translation error
bumped Symfony version to 2.5.6
updated VERSION for 2.5.5
updated CHANGELOG for 2.5.5
bumped Symfony version to 2.3.21
updated VERSION for 2.3.20
update CONTRIBUTORS for 2.3.20
updated CHANGELOG for 2.3.20
[Intl] Integrated ICU data into Intl component
Conflicts:
src/Symfony/Component/Debug/README.md
src/Symfony/Component/DependencyInjection/README.md
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/OptionsResolver/README.md
* 2.3:
[Doc] Use Markdown syntax highlighting
[Finder] tweaked docs
[Finder] Add info about possibilities offered by SplFileInfo
fix components tests
[Intl] FIxed failing test
[Intl] Generated the data for ICU version 54-rc
[EventDispatcher] fix doc bloc on EventDispatcherInterface
[Validator] Update validators.zh_CN.xlf, fix translation error
bumped Symfony version to 2.3.21
updated VERSION for 2.3.20
update CONTRIBUTORS for 2.3.20
updated CHANGELOG for 2.3.20
[Intl] Integrated ICU data into Intl component
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Intl/ResourceBundle/LocaleBundle.php
This PR was merged into the 2.6-dev branch.
Discussion
----------
[2.3] Update src/Symfony/Component/HttpFoundation/Request.php
This makes `getContentType()` work when a regular form is submitted. It would return `"form"`
Commits
-------
c81ec4d Update src/Symfony/Component/HttpFoundation/Request.php
* 2.5:
[Command] Set the process title as late as possible
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
fixed bug
added the possibility to return null from SimplePreAuthenticationListener
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/Tests/Extension/Validator/Constraints/FormValidatorTest.php
* 2.4:
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
fixed bug
added the possibility to return null from SimplePreAuthenticationListener
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/Extension/Core/Type/FormType.php
src/Symfony/Component/Form/Extension/Validator/Constraints/FormValidator.php
src/Symfony/Component/Form/Extension/Validator/Util/ServerParams.php
src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
src/Symfony/Component/Validator/Tests/Constraints/AbstractConstraintValidatorTest.php
* 2.3:
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/CHANGELOG.md
src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php
src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
* 2.5:
typo fixed in AbstractProcessTest (getoutput() => getOutput())
Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
[Translation] [Config] Clear libxml errors after parsing XML file
check for the Validator if forms are enabled
Clear json_last_error
Fix JsonSerializable namespace
Catch exceptions to restore the error handler
[HttpFoundation] Silent only JSON errors
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] fixed some volatile tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | see #11588
| License | MIT
| Doc PR | n/a
Commits
-------
00c1b75 [Process] fixed some volatile tests
974bf01 [HttpKernel] fixed a volatile test
6020c43 [HttpFoundation] fixed some volatile tests
* 2.5: (43 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Validator] The ratio of the ImageValidator is rounded to two decimals now
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/HttpKernel/HttpCache/Esi.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Translation/Tests/Dumper/XliffFileDumperTest.php
src/Symfony/Component/Yaml/Parser.php
src/Symfony/Component/Yaml/Tests/InlineTest.php
* 2.4: (39 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Validator] The ratio of the ImageValidator is rounded to two decimals now
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
...
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/PhpExecutableFinder.php
* 2.3: (35 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
backport more error information from 2.6 to 2.3
...
Conflicts:
.travis.yml
src/Symfony/Component/DependencyInjection/Loader/YamlFileLoader.php
src/Symfony/Component/DependencyInjection/Tests/Loader/XmlFileLoaderTest.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/PhpExecutableFinder.php
* 2.5: (23 commits)
[HttpKernel] fixed some unit tests for 2.4 (signature now uses SHA256 instead of MD5)
[HttpKernel] simplified code
[HttpKernel] fixed internal fragment handling
fixing yaml indentation
Unexpexted ));"
[WebProfiler] replaced the import/export feature from the web interface to a CLI tool
Forced all fragment uris to be signed, even for ESI
Add tests and more assertions
[FrameworkBundle][Translator] Validate locales.
[HttpFoundation] added some missing tests
[HttpFoundation] Improve string values in test codes
[Security] Add more tests for StringUtils::equals
fix comment: not fourth but sixth argument
fixing typo in a comment
[FrameworkBundle] fixed CS
[FrameworkBundle] PhpExtractor bugfix and improvements
[Finder] Fix findertest readability
[Filesystem] Add FTP stream wrapper context option to enable overwrite (override)
fix parsing of Authorization header
Test examples from Drupal SA-CORE-2014-003
...
Conflicts:
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/admin.html.twig
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
* 2.4: (21 commits)
[HttpKernel] fixed some unit tests for 2.4 (signature now uses SHA256 instead of MD5)
[HttpKernel] simplified code
[HttpKernel] fixed internal fragment handling
fixing yaml indentation
[WebProfiler] replaced the import/export feature from the web interface to a CLI tool
Forced all fragment uris to be signed, even for ESI
Add tests and more assertions
[FrameworkBundle][Translator] Validate locales.
[HttpFoundation] added some missing tests
[HttpFoundation] Improve string values in test codes
[Security] Add more tests for StringUtils::equals
fix comment: not fourth but sixth argument
fixing typo in a comment
[FrameworkBundle] fixed CS
[FrameworkBundle] PhpExtractor bugfix and improvements
[Finder] Fix findertest readability
[Filesystem] Add FTP stream wrapper context option to enable overwrite (override)
fix parsing of Authorization header
Test examples from Drupal SA-CORE-2014-003
Fix potential DoS when parsing HOST
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/Translation/TranslatorTest.php
src/Symfony/Bundle/FrameworkBundle/Translation/Translator.php
* 2.3:
[HttpKernel] fixed internal fragment handling
fixing yaml indentation
[WebProfiler] replaced the import/export feature from the web interface to a CLI tool
Forced all fragment uris to be signed, even for ESI
Add tests and more assertions
[FrameworkBundle][Translator] Validate locales.
[HttpFoundation] added some missing tests
[HttpFoundation] Improve string values in test codes
fix comment: not fourth but sixth argument
fixing typo in a comment
[FrameworkBundle] fixed CS
[FrameworkBundle] PhpExtractor bugfix and improvements
[Finder] Fix findertest readability
[Filesystem] Add FTP stream wrapper context option to enable overwrite (override)
fix parsing of Authorization header
Test examples from Drupal SA-CORE-2014-003
Fix potential DoS when parsing HOST
Made optimization deprecating modulus operator
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/config/esi.xml
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
9e1bc22 Add tests and more assertions
101a3b7 [FrameworkBundle][Translator] Validate locales.
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
3b4046e [HttpFoundation] added some missing tests
cefe237 fix parsing of Authorization header
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
1ee96a8 Test examples from Drupal SA-CORE-2014-003
5506ee8 Fix potential DoS when parsing HOST
