This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
d320d27 [HttpKernel] Do not call the FragmentListener if _controller is already defined
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#14757).
Discussion
----------
[Validators] Missing translations for arabic language.
| Q | A
| ---| ---------
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | none
| License | MIT
| Doc PR | none
This pull request is for adding missing translations in validators.ar.xlf.
Commits
-------
9a26e4b [Validators] Missing translations for arabic language.
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#14735).
Discussion
----------
[HttpKernel][Bundle] Check extension implements ExtensionInterface
- Avoid fatal errors on line 89 (calling getAlias on objects of
unknown type).
- Help developers solve problems with their extensions
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
b6e0a92 [HttpKernel][Bundle] Check extension implements ExtensionInterface
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Check instance of FormBuilderInterface instead of FormBuilder
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14714
| License | MIT
| Doc PR | -
Commits
-------
44469d0 Check instance of FormBuilderInterface instead of FormBuilder
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl/DateFormatter] Fix typo unitialized vs. uninitialized
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
unitialized vs. uninitialized
Commits
-------
6ac8d29 Fix typo
This PR was squashed before being merged into the 2.3 branch (closes#14670).
Discussion
----------
[Security] TokenBasedRememberMeServices test to show why encoding username is required
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
241538d shows that it's not actually tested, 257b796 reimplements it with test.
I can remove the POC commit if it's not needed.
Commits
-------
63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
This PR was squashed before being merged into the 2.3 branch (closes#14678).
Discussion
----------
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
`AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`.
* it would make `AbstractRememberMeServices::cookieDecode()` broken
* all current extending classes do it anyway (see #14670 )
* added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly
Commits
-------
464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Handle an array vary header in the http cache store
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12118
| License | MIT
| Doc PR | -
Commits
-------
5930800 [HttpKernel] Handle an array vary header in the http cache store
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#14513).
Discussion
----------
[console][formater] allow format toString object.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | ~
| Tests pass? | yes
| License | MIT
reported by @micayael ( https://twitter.com/juanardissone/status/593859683502325761 )
Commits
-------
70b4964 [console][formater] allow format toString object.
This PR was squashed before being merged into the 2.3 branch (closes#14335).
Discussion
----------
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13617
| License | MIT
| Doc PR |
When the script filename is just /index.php, dirname() returns '/' for it. In Request::prepareBaseUrl() we append '/' to it (as introduced in #13039), which is wrong in this scenario as the resulting string is '//'.
When we rtrim('/') the output of dirname() then '/' would be constructed in this case, and in all other cases it makes no difference as dirname() already trims the right forward slash if there are path segments.
The test-cases should clarify the exact scenario.
Commits
-------
f24a6dd [HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#14593).
Discussion
----------
[Security][Firewall] Avoid redirection to XHR URIs
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
If `security.firewalls.main.form_login.always_use_default_target_path` is false, an user could be redirected to an URL called by an AJAX request after the login.
Commits
-------
9ee74ea Avoid redirection to XHR URIs
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] Throw an exception if a form field path is incomplete
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11807
| License | MIT
| Doc PR | -
Commits
-------
991e65c [DomCrawler] Throw an exception if a form field path is incomplete.
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] Delete duplicate test in CommandTest
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
The __get method is not implemented in the Command class, and the deleted test was duplicated with the preceding one.
Commits
-------
4a4eda9 [Console] Delete duplicate test in CommandTest
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Fix HTML escaping of to-source links
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
385a6b7 Fix HTML escaping of to-source links
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#14690).
Discussion
----------
[HttpFoundation] IpUtils::checkIp4() should allow `/0` networks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14674
| License | MIT
Technically it's a breaking change, since the result of the
IpUtils::checkIp4('1.2.3.4', '0.0.0.0/0')
call was `false` now `true`.
Practically - no one should ever relied on this since it's simply wrong
Commits
-------
921ecff [HttpFoundation] IpUtils::checkIp4() should allow networks
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#14681).
Discussion
----------
[FrameworkBundle] Removed unnecessary parameter in TemplateController
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | They should
| License | MIT
`Response::setPublic()` doesn't have any parameters, so this parameter call is not needed.
Commits
-------
7a4394e [FrameworkBundle] Removed unnecessary parameter in TemplateController
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#14262).
Discussion
----------
[TwigBundle] Refresh twig paths when resources change.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | ~
| Tests pass? | yes
| License | MIT
Commits
-------
cafb0d7 [TwigBundle] Refresh twig paths when resources change.
This PR was merged into the 2.3 branch.
Discussion
----------
[ServerBag] Handled bearer authorization header in REDIRECT_ form
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Apache rewrite module renames client request
header (`HTTP_`) by prepending `REDIRECT_` to
it. http basic authentication and http digest
authentication are properly processed in
REDIRECT_ form, while bearer is processed in
HTTP_ form, but dropped in REDIRECT_ form.
Example:
The following auth headers are handled in ServerBag,
```
HTTP_AUTHORIZATION => Basic aGVsbG86d29ybGQ=
REDIREDCT_HTTP_AUTHOIZATION => Basic aGVsbG86d29ybGQ=
HTTP_AUTHORIZATION => Digest blah
REDIRECT_HTTP_AUTHORIZATION => Digest blah
HTTP_AUTHORIZATION => Bearer mF_9.B5f-4.1JqM
```
while
```
REDIRECT_HTTP_AUTHORIZATION => Bearer mF_9.B5f-4.1JqM
```
is dropped.
Commits
-------
7b2e2df Handled bearer authorization header in REDIRECT_ form
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#13637).
Discussion
----------
[CSS] WebProfiler break words
WebProfiler CSS word-break: break-all;
Do you need more description ?
Commits
-------
7259d72 WebProfiler break words
This PR was merged into the 2.3 branch.
Discussion
----------
[Framework] added test for router commands.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | ~
| Tests pass? | yes
| License | MIT
- [x] router:debug
- [x] router:match
Commits
-------
6d403a7 [Framework] added test for Router commands.
This PR was merged into the 2.3 branch.
Discussion
----------
[Security][Translation] fixes#14584
| Q | A
| ------------- | ---
| Fixed tickets | #14584
| License | MIT
Some french translations are wrong in the security component.
As #14587 has been closed here's my fix.
Commits
-------
34c780f [Security][Translation] fixes#14584