This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix the retrieval of the last username when using forwarding
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
When using forwarding to render the login page (which is not the default), the info are stored in the subrequest attributes rather than the session. ``getLastAuthenticationError`` was handling this properly but ``getLastUsername`` was not checking the attributes.
This fixes it by checking the attributes (I'm checking them before the session, to be consistent with ``getLastAuthenticationError``)
Commits
-------
e041365 Fix the retrieval of the last username when using forwarding
This PR was squashed before being merged into the 2.7 branch (closes#19327).
Discussion
----------
[Yaml] Fix PHPDoc of the Yaml class
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The YAML dumper is able to serialize any PHP type, not just arrays.
Commits
-------
a3fd991 [Yaml] Fix PHPDoc of the Yaml class
This PR was squashed before being merged into the 2.7 branch (closes#19321).
Discussion
----------
[HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
According to [RFC 7231](https://tools.ietf.org/html/rfc7231#section-8.1.3) `OPTIONS` and `TRACE` are safe methods.
Commits
-------
1404607 [HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
This PR was merged into the 2.7 branch.
Discussion
----------
[BrowserKit] Update Client::getAbsoluteUri() for query string only URIs
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19303
| License | MIT
| Doc PR | -
This PR allows BrowserKit to treat a value containing only query string parameters the same way anchor/hash values are treated when passed as a URI argument to the getAbsoluteUri() method. Helps when encountering sites that force a redirect with a location header value containing only a query string.
Commits
-------
965408f Update getAbsoluteUri() for query string uris
This PR was merged into the 2.7 branch.
Discussion
----------
[ClassLoader] Fix declared classes being computed when not needed
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
d513eae [ClassLoader] Fix declared classes being computed when not needed
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] Added additional MasterCard range to the CardSchemeValidator
From October 2016 MasterCard will introduce a new card range, 222100 through 272099.
See: https://www.mctestcards.com/ (click the help in top right)
This implements the additional regex for validation to succeed, and some additional unit tests for this new range.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
4d68f56 [Validator] Added additional MasterCard range to the CardSchemeValidator
This PR was squashed before being merged into the 2.7 branch (closes#19290).
Discussion
----------
[HttpKernel] fixed internal subrequests having an if-modified-since-header
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As the InlineFragmentRenderer has no access to a cached copy of a subrequest's target and hence couldn't handle a response with a HTTP status code of 304 (not modified), it makes no sense to send an if-not-modified-since header.
Commits
-------
e90038c [HttpKernel] fixed internal subrequests having an if-modified-since-header
From October 2016 MasterCard will introduce a new card range,
222100 through 272099.
See: https://www.mctestcards.com/ (click the help in top right)
Implements unit tests and validation for this new card range.
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#19310).
Discussion
----------
Make the exception message more clear.
| Q | A
| ------------- | ---
| Branch? | "master"
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
A small change that makes the error message more clear. If your property is named "type", "value" or something similar it is not obvious that we refer to the property name.
See example: https://github.com/schmittjoh/JMSTranslationBundle/issues/373
Commits
-------
6344ccd Make the exception message more clear.
This PR was merged into the 2.7 branch.
Discussion
----------
removed @since
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
`@since` is not an annotation we use in Symfony, so let's remove the exiting ones.
Commits
-------
5d6f6aa removed @since
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] [Security] Remove unrelevant comments in Security and Validator components
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
2cec4a6 Remove and change unrelevant comments in Validator and Security components.
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] make UuidValidator class formatting consistent.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
3cc2f10 [Validator] make UuidValidator class formatting consistent.
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#19186).
Discussion
----------
Fix for #19183 to add support for new PHP MongoDB extension in sessions.
| Q | A
| ------------- | ---
| Branch? | 3.0
| Bug fix? | yes
| New feature? | yes (ish)
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | #19183
| License | MIT
| Doc PR |
Commits
-------
ebbc706 Fix for #19183 to add support for new PHP MongoDB extension in sessions.
This PR was squashed before being merged into the 2.7 branch (closes#19243).
Discussion
----------
Fixed typos in the expectedException annotations
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
PHPUnit ignores any imports when resolving these. You must always reference the FQCN.
Commits
-------
b36de36 Fixed typos in the expectedException annotations
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Move handling of conflicting origin IPs to catch block
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19217
| License | MIT
| Doc PR | -
Commits
-------
db84101 [HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
1f00b55 [HttpKernel] Move conflicting origin IPs handling to catch block
This PR was merged into the 2.7 branch.
Discussion
----------
[travis] Fix deps=low/high patching
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Deps=low/high are broken since we added depth=1 to the git checkout on travis...
This fixes the situation and ensures it won't happen again by adding a missing error check.
Commits
-------
5ec92e8 [travis] Fix deps=low/high patching
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Inline ValidateRequestListener logic into HttpKernel
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18688#19216
| License | MIT
| Doc PR | -
I propose to inline the listener introduced in #18688 into HttpKernel.
Commits
-------
9d3ae85 [HttpKernel] Inline ValidateRequestListener logic into HttpKernel
