This PR was merged into the 2.1 branch.
Commits
-------
00fbb7e [Form] Added test for "label" option to accept the value "0"
Discussion
----------
[Form] Added test for "label" option to accept the value "0"
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6862
| License | MIT
| Doc PR | -
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#7149).
Commits
-------
0c25d41 Expanded fault-tolerance for unusual cookie dates
Discussion
----------
Expanded fault-tolerance for unusual cookie dates
Building on pull #1793, this resolves situations where the Cookie's date field uses a numeric month. Also, expanding on the 7 most typical formats we fall-back to date_create() before throwing an exception.
---------------------------------------------------------------------------
by vicb at 2013-02-21T17:30:28Z
Please add some unit tests for the new formats.
---------------------------------------------------------------------------
by ecaron at 2013-02-21T18:06:46Z
Sorry for neglecting the unit tests, they've been updated (2 matching new common date formats, 1 uncommon date format, and changing the existing bad-date check to be more realistically bad.)
I also changed from strtotime to date_create to match the existing DateTime::createFromFormat check (although in my cookiejar analysis leading to this pull requests, all the cookies I'd encountered had timezones in them.) I'm using date_create vs. constructing a DateTime so I can immediately rely on the return value.
---------------------------------------------------------------------------
by ecaron at 2013-02-21T18:21:03Z
@vicb The two Travis failures are against the master branch unrelated to my changes. Should I retarget this pull against 2.3, or what would you advise to get this pull accepted?
---------------------------------------------------------------------------
by vicb at 2013-02-21T19:40:59Z
The Travis failure come for a bug in PHPUnit (there is a Sf issue for that).
There is no 2.3 branch yet (devs happen in master).
@fabpot will decide wether this should be considered a a fix (and merge to former releases) or an enhancement which will be merged to 2.3.
_(Could you please update the PR header which still refers to strtotime, thanks)_
---------------------------------------------------------------------------
by fabpot at 2013-02-21T21:37:15Z
This should probably go into 2.0. Also, do you have a reference where those 7 formats are explained/described?
---------------------------------------------------------------------------
by ecaron at 2013-02-21T23:10:38Z
@fabpot I couldn't find a reference because the cookies that we're addressing are ones that are behaving outside the spec (at least what I understand from http://curl.haxx.se/rfc/cookie_spec.html), as pull #1793 began to address and this continues. The cases that I've added are ones that I have encountered over the weeks of using BrowserKit and Goutte.
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#7151).
Commits
-------
766e987 Fix docblock type
Discussion
----------
Fix docblock type
This PR was merged into the 2.0 branch.
Commits
-------
f8812b2 [Form] Fixed "label" option to accept the value "0"
Discussion
----------
[Form] Fixed "label" option to accept the value "0"
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6862
| License | MIT
| Doc PR | -
@fabpot: This commit will cause troubles when merging 2.0 into 2.1 and up. Tell me if you need help upon conflict resolution.
This PR was merged into the 2.2 branch.
Commits
-------
54d7d25 [HttpKernel] hinclude fragment renderer must escape URIs properly to return valid html
Discussion
----------
[HttpKernel] hinclude fragment renderer must escape URIs properly to return valid html
| Q | A
| ------------- | ---
| Bug fix? | [yes]
| New feature? | [no]
| BC breaks? | [no]
| Deprecations? | [no]
| Tests pass? | [yes]
| Fixed tickets | [-]
| License | MIT
| Doc PR | [-]
Since rendering of hinclude fragments returns html/xml, it is marked as safe. So it's not auto-escaped of course. But that means it must properly escape it's input (the URI) when outputting in html context.
Btw, this does not need to be done for esi because esi tags are processed in middleware which do not go to the client/browser.
---------------------------------------------------------------------------
by Koc at 2013-02-15T22:59:05Z
Will it works correct when `arg_separator.output="&"`?
---------------------------------------------------------------------------
by stof at 2013-02-15T23:04:01Z
if your url comes form the routing, yes. It [does not rely on the default separator](https://github.com/symfony/Routing/blob/master/Generator/UrlGenerator.php#L265) to avoid issues when the separator is configured to ``&`` as it would have been escaped again in Twig templates for instance.
---------------------------------------------------------------------------
by fabpot at 2013-02-16T07:26:19Z
Can you include the proper PR header in the description? Thanks.
---------------------------------------------------------------------------
by Tobion at 2013-02-16T12:28:18Z
Added.
This PR was merged into the 2.2 branch.
Commits
-------
171cff0 [FrameworkBundle] Fix a BC for Hinclude global template
Discussion
----------
[FrameworkBundle] Fix a BC break for Hinclude global template
@fabpot should the one who broke BC write a UT for this ? (I won't have time in the next few days).
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes#7120).
Commits
-------
e5f063c Added greek translation
Discussion
----------
Created validators.el.xlf
Greek translation of validators
This PR was squashed before being merged into the master branch (closes#5838).
Commits
-------
201f3e6 [Form] Fixed cannot unset string offsets in CsrfValidationListener
Discussion
----------
[Form] Fixed cannot unset string offsets in CsrfValidationListener
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
A php fatal error is happening when someone rewrite the entire form data for an object with a single input.
```
Fatal error: Cannot unset string offsets in vendor/symfony/symfony/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php on line 72
```
Example:
```html
<form action="/app_dev.php/post/create" method="post" >
<div id="posttype">
<div>
<label for="posttype_name" class="required">Name</label>
<input type="text" id="posttype_name" name="posttype[name]" required="required" maxlength="255" />
</div>
<div>
<label for="posttype_text" class="required">Text</label>
<textarea id="posttype_text" name="posttype[text]" required="required"></textarea>
</div>
<input type="hidden" id="posttype__token" name="posttype[_token]" value="83a1617c694fbdea43c2527f1a55c7419ce82a42" /></div>
<p>
<button type="submit">Create</button>
</p>
</form>
```
If someone alters the html to add a simple input at the bottom of the form like this one:
```html
<input type="text" id="posttype" name="posttype" value="test123" />
```
The result will be a php fatal error.
---------------------------------------------------------------------------
by bschussek at 2012-10-26T09:49:05Z
Thank you for the pull request! Could you please reference the pull request in the test?
```php
// https://github.com/symfony/symfony/pull/5838
public function testStringFormData()
{
...
```
---------------------------------------------------------------------------
by jfcixmedia at 2012-10-26T10:21:29Z
@bschussek Added, thanks.
This PR was merged into the 2.1 branch.
Commits
-------
3e40c17 [HttpKernel] fixed locale management when exiting sub-requests
Discussion
----------
[HttpKernel] fixed locale management when exiting sub-requests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7063
| License | MIT
| Doc PR | n/a
This fix is temporary as #7007 will fix it properly in Symfony 2.3.
---------------------------------------------------------------------------
by vicb at 2013-02-17T20:17:44Z
changelog ?
---------------------------------------------------------------------------
by fabpot at 2013-02-17T20:27:22Z
The changelogs are updated when we release a new version only.
---------------------------------------------------------------------------
by stof at 2013-02-17T20:41:00Z
@fabpot the intl locale should be reset to the right value too
---------------------------------------------------------------------------
by stof at 2013-02-17T20:42:31Z
hmm sorry, I missed the fact that you are changing the locale in the Request again, which will set the intl one
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes#7114).
Commits
-------
4680d87 Removed some leaking deprecation warning in the Form component
Discussion
----------
Removed some leaking deprecation warning in the Form component
| Q | A
| ------------- | ---
| Fixed tickets | #7101
| License | MIT
I have removed the error handler in the integration test case so that the testsuite can show any leaked deprecation message from the core and replaced deprecated methods in the type testcases.
This keeps only 2 cases where the handlign was needed: the test ensuring the BC for ``property_path``, and the code triggering #7101 because of its BC call
---------------------------------------------------------------------------
by stof at 2013-02-18T22:41:56Z
hmm, wrong target. My branch is actually based on the 2.2 branch. @fabpot is it good for you or should I reopen it to the appropriate branch ?
* 2.2: (22 commits)
[Process] Fix regression introduced in #6620 / 880da01c49, fixes#7082
[HttpKernel] added a unit for the previous commit (closes#7025)
[HttpFoundation] fixed, overwritten CONTENT_TYPE
[BrowserKit] fixed test added in the previous merge (refs #7059)
[FrameworkBundle] tweaked reference dumper command (see #7093)
Remove unnecessary comment and change test name
[Config] tweaked dumper to indent multi-line info
[HttpKernel] added some tests for previous merge
Fix REMOTE_ADDR for cached subrequests
[FrameworkBundle] CSRF should be on by default
[WebProfilerBundle] removed dependency on FrameworkBundle (closes#6949)
[HttpKernel] added error display suppression when using the ErrorHandler (if not, errors are displayed twice, refs #6254)
[HttpFoundation] tweaked previous merge
[HttpFoundation] Added getter for httpMethodParameterOverride state
Create validators.lv.xlf
[Process] Warn user with a useful message when tmpfile() failed
[BrowserKit] added a test to make sure HTTP authentication is preserved when submitting a form
Remove array type hint from GetResponseForControllerResultEvent::setControllerResult()
bumped Symfony version to 2.2.0-DEV
Revert "merged branch povilas/issue_6101 (PR #6708)"
...
This PR was merged into the 2.0 branch.
Commits
-------
179cd58 [Process] Fix regression introduced in #6620 / 880da01c49, fixes#7082
Discussion
----------
[Process][2.0] getcwd failure fix
Fix regression introduced in #6620Fixes#7082
For reference, here is the current behavior I saw:
PHP 5.4.11, windows:
```
5.4.11\php.exe -r "chdir('c:\\'); var_dump(getcwd()); $p = proc_open('pwd', [['pipe', 'r'], ['pipe', 'w'], ['pipe', 'w']], $pipes, null); var_dump(stream_get_contents($pipes[1]));"
string(3) "C:\\"
string(14) "/c/Users/seld\n"
```
(I use pwd which is a unix util so it dumps a funny path, but don't look at that)
PHP 5.5alpha4, windows (seems fixed):
```
5.5.0a4\php.exe -r "chdir('c:\\'); var_dump(getcwd()); $p = proc_open('pwd', [['pipe', 'r'], ['pipe', 'w'], ['pipe', 'w']], $pipes, null); var_dump(stream_get_contents($pipes[1]));"
string(3) "C:\"
string(3) "/c\n"
```
PHP 5.3.10, ubuntu:
```
php -r "chdir('/'); var_dump(getcwd()); \$p = proc_open('pwd', array(array('pipe', 'r'), array('p
ipe', 'w'), array('pipe', 'w')), \$pipes, null); var_dump(stream_get_contents(\$pipes[1]));"
string(1) "/"
string(2) "/\n"
```
Since the permission issue that #6620 originally was fixing is most likely not gonna happen on windows, this seems like a safe enough compromise. Ideally a check for PHP<5.5 should be introduced, but I would like to be sure it's been fixed and is not just a lucky coincidence (/cc @PierreJoye)
I would recommend merging fast and maybe adding the version check later, since it breaks composer create-project on windows. The workaround being: cd in the dir and run `composer install` again to finalize the project setup.
---------------------------------------------------------------------------
by vicb at 2013-02-17T20:12:17Z
Thanks @Seldaek !
Would you mind creating an issue for the version check so that it doesn't get lost ?
---------------------------------------------------------------------------
by Seldaek at 2013-02-18T10:43:56Z
@vicb done.
---------------------------------------------------------------------------
by vicb at 2013-02-18T11:45:16Z
thanks !
This PR was merged into the 2.2 branch.
Commits
-------
a313188 added a proper setter for the templating servicein HInclude
Discussion
----------
added a proper setter for the templating servicein HInclude
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
---------------------------------------------------------------------------
by stof at 2013-02-17T12:44:40Z
👍
This PR was merged into the 2.2 branch.
Commits
-------
738de9a [HttpKernel] added a unit for the previous commit (closes#7025)
d0e4b76 [HttpFoundation] fixed, overwritten CONTENT_TYPE
Discussion
----------
Fixed content type when passed as a server value
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7025
| License | MIT
| Doc PR | n/a
---------------------------------------------------------------------------
by stof at 2013-02-17T14:51:35Z
👍
* 2.1:
[FrameworkBundle] tweaked reference dumper command (see #7093)
[HttpKernel] added some tests for previous merge
Fix REMOTE_ADDR for cached subrequests
[Process] Warn user with a useful message when tmpfile() failed
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ConfigDumpReferenceCommand.php
This PR was merged into the 2.1 branch.
Commits
-------
18b139d [FrameworkBundle] tweaked reference dumper command (see #7093)
Discussion
----------
[FrameworkBundle] tweaked reference dumper command (see #7093)
The same as #7093 just for 2.1.
This PR was merged into the 2.2 branch.
Commits
-------
b240d1f [BrowserKit] added a test to make sure HTTP authentication is preserved when submitting a form
Discussion
----------
[WIP]BrowserKit] added a test to make sure HTTP authentication is preserved
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets |
| License | MIT
| Doc PR |
Since #6995 BrowseKit no longer seems to preserve the HTTP authentication when submitting a form. This PR adds a test to demonstrate the failure.
---------------------------------------------------------------------------
by vicb at 2013-02-13T12:49:16Z
Thanks. Could you add a "[WIP]" prefix to the PR tittle and set "bug fix" to "no" for now ?
---------------------------------------------------------------------------
by sstok at 2013-02-13T13:59:42Z
done 👍
---------------------------------------------------------------------------
by fabpot at 2013-02-17T12:49:35Z
This cannot be related to #6995 as your test does not involve any HttpFoundation classes.
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes#7054).
Commits
-------
26b5b60 [Form] Remove unnecessary comment and change test name
Discussion
----------
[Form] Remove unnecessary comment and change test name
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
This PR was merged into the 2.2 branch.
Commits
-------
cb319ac [HttpKernel] added error display suppression when using the ErrorHandler (if not, errors are displayed twice, refs #6254)
Discussion
----------
[HttpKernel] added error display suppression when using the ErrorHandler (if not, errors are displayed twice, refs #6254)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
---------------------------------------------------------------------------
by bamarni at 2013-02-15T10:15:29Z
Are you sure this fixes the twice displaying issue? This is already done here : https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpKernel/Kernel.php#L99
Fatal errors are displayed twice in some situations because this handler gets registered twice, and it registers 2 times the same shutdown callback, a few lines below your change.
---------------------------------------------------------------------------
by fabpot at 2013-02-15T10:21:39Z
No, I've closed this #6254 as this is an Assetic issue, not a Symfony one.
This PR was squashed before being merged into the 2.2 branch (closes#7093).
Commits
-------
609636e [Config] tweaked dumper to indent multi-line info
Discussion
----------
[Config] tweaked dumper to indent multi-line info
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Little cosmetic tweak.
before:
```yaml
# router configuration
router:
resource: ~ # Required
type: ~
http_port: 80
https_port: 443
# set to true to throw an exception when a parameter does not match the requirements
set to false to disable exceptions when a parameter does not match the requirements (and return null instead)
set to null to disable parameter checks against requirements
'true' is the preferred configuration in development mode, while 'false' or 'null' might be preferred in production
strict_requirements: true
# session configuration
session:
```
after:
```yaml
# router configuration
router:
resource: ~ # Required
type: ~
http_port: 80
https_port: 443
# set to true to throw an exception when a parameter does not match the requirements
# set to false to disable exceptions when a parameter does not match the requirements (and return null instead)
# set to null to disable parameter checks against requirements
# 'true' is the preferred configuration in development mode, while 'false' or 'null' might be preferred in production
strict_requirements: true
# session configuration
```
---------------------------------------------------------------------------
by stof at 2013-02-17T01:49:27Z
could you add a testcase ?
---------------------------------------------------------------------------
by 1ed at 2013-02-17T05:15:10Z
This class had no tests at all, so I thought it's not important... I added one but I have not much experience in writing tests. Is it adequate?
I realized that the new numeric node type not supperted by the dumper at all.
---------------------------------------------------------------------------
by stof at 2013-02-17T11:27:43Z
looks good to me. However, you should edit the PR description: this is a bugfix
---------------------------------------------------------------------------
by 1ed at 2013-02-17T11:32:07Z
@stof done. Thanks!
---------------------------------------------------------------------------
by stof at 2013-02-17T11:41:44Z
@fabpot this should even go into 2.1 as it is a bugfix
---------------------------------------------------------------------------
by 1ed at 2013-02-17T11:44:08Z
@stof there is no ReferenceDumper class in 2.1
---------------------------------------------------------------------------
by stof at 2013-02-17T12:23:44Z
ah, it was directly in the command in 2.1. But the bug should still be fixed IMO
This PR was submitted for the 2.2 branch but it was merged into the 2.1 branch instead (closes#7092).
Commits
-------
187645f Fix REMOTE_ADDR for cached subrequests
Discussion
----------
[HttpKernel/HttpCache] Fix "REMOTE_ADDR" for cached subrequests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | none that I know of
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | 7091
| License | MIT
I moved the code that modifies the REMOTE_ADDR variable further up the chain so that cached subrequests also receive the local IP address. Before, only new subrequests received the local IP address and cached ones received the original IP, which made "validateRequest" in FragmentListener fail.
Please review. I'm not sure about side-effects of this patch, including possible security issues.
Fixes #7091
---------------------------------------------------------------------------
by bamarni at 2013-02-16T11:49:27Z
@fabpot rejected setting this on the master request, so you should do it on the ```forward()``` method instead.
---------------------------------------------------------------------------
by mweimerskirch at 2013-02-16T12:13:46Z
@bamarni @fabpot done