This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#12491).
Discussion
----------
[Security] Don't send remember cookie for sub request
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Remember cookie shouldn't be sent for sub request
Commits
-------
ec38936 adapted previous commit for 2.3
119b091 [Security] Don't send remember cookie for sub request
This PR was submitted for the 2.5 branch but it was merged into the 2.3 branch instead (closes#12574).
Discussion
----------
[HttpKernel] Fix UriSigner::check when _hash is not at the end of the uri
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I have a weird server installation behind Varnish that rewrite the signed URL to add the _hash at the end of the url queries.
Exemple :
URL called: http://exemple.com/page?foo=bar&_hash=123
URL received by PHP: http://exemple.com/page?_hash=123&foo=bar
When the _hash is not at the end of the URL, the UriSigner fail to verify it even if the _hash is correct.
The fix rewrites the check function to use parse_url and parse_str to analyse the URI and check the signature.
Commits
-------
29b217c [HttpKernel] Fix UriSigner::check when _hash is not at the end of the uri
This PR was merged into the 2.3 branch.
Discussion
----------
[Process] Fixes to executable finder tests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
A couple of fixes for ExecutableFinder tests:
- Use PHPUnit ini_set wrapper to avoid side effects.
- Skip a test on Windows (similar to an earlier test that was already skipped).
- Removed an unused variable.
Commits
-------
75d0d59 Use PHPUnit ini_set wrapper in tests
99ff8a6 [Process] Added a test skip check for Windows
5a14941 [Process] Removed unused variable assignment
PHPUnit ini_set wrapper is now used in tests to automatically reset
ini settings after the test is run. This avoids possible side effects
and test skipping.
Native ini_set is still used in DefaultCsrfProviderTest, but its
tests are run in isolation.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Fixes various phpdoc and coding standards.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
b83da8f Fixes various phpdoc and coding standards.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] * Happy New Year 2015 *
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
5a121df Updated copyright to 2015
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] for consistency, use value of DIRECTORY_SEPARATOR to detect Windows
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This commit unifies the detection of Windows builds across the Symfony
codebase.
Commits
-------
20a427d use value of DIRECTORY_SEPARATOR to detect Windows
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Remove a redundant test
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As a result of changing `bind()` to `submit()` in #13161, the `testValidateTokenOnBindIfRootAndCompoundUsesTypeClassAsIntentionIfEmptyFormName()` is exactly the same as `testValidateTokenOnSubmitIfRootAndCompoundUsesTypeClassAsIntentionIfEmptyFormName()`. This makes the form tests to fail on 2.5 branch, as after a merge csrf provider is used instead of the token manager.
Commits
-------
ae10615 [Form] Remove a redundant test.
This PR was merged into the 2.3 branch.
Discussion
----------
Fix the implementation of deprecated Locale classes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The ICU component does not exist anymore, but the BC layer was still referencing it.
Commits
-------
eb0637f Fix the implementation of deprecated Locale classes
This PR was merged into the 2.3 branch.
Discussion
----------
Fix phpdoc and coding standards
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
This removes the unused use statements which were not catched by PHP-CS-Fixer because of string occurences. It also fixes some invalid phpdoc (scalar is not recognized as a valid type for instance).
This is complementary to https://github.com/symfony/symfony/pull/13134
Commits
-------
8cc3f6a Fix phpdoc and coding standards
This PR was merged into the 2.3 branch.
Discussion
----------
Remove usages of deprecated constants
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This removes the usage of deprecated constants in our code.
I'm applying this in 2.3 to make merging branches easier. This is especially needed for 2.7 because of deprecation warnings added in #13060 (warnings are triggered in this PR because of these usages)
Commits
-------
6c00c22 Remove usages of deprecated constants
This PR was merged into the 2.3 branch.
Discussion
----------
Update functional tests to use the PSR NullLogger
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This avoids using the deprecated NullLogger in tests.
I'm applying this in 2.3 to make merging branches easier. This is especially needed for 2.7 because of deprecation warnings added in #13060 (tests are failing in this PR currently because of that)
Commits
-------
30cff26 Update functional tests to use the PSR NullLogger
This PR was merged into the 2.3 branch.
Discussion
----------
Replace usages of the deprecated TypeTestCase by the new one
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
I'm applying this in 2.3 to make merging branches easier. This is especially needed for 2.7 because of deprecation warnings added in #13060
Commits
-------
e6fa0ea Replace usages of the deprecated TypeTestCase by the new one
This removes the unused use statements which were not catched by
PHP-CS-Fixer because of string occurences. It also fixes some invalid
phpdoc (scalar is not recognized as a valid type for instance).
This PR was merged into the 2.3 branch.
Discussion
----------
No global state for isolated tests and other fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
By default, phpunit preserves global state for isolated processes. This made the tests break on my laptop.
Other tweaks included.
In branch 2.5, `src/Symfony/Component/Security/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php` also misses the `@preserveGlobalState disabled` annotation. Please add it when merging
Commits
-------
750f3a6 No global state for isolated tests and other fixes
This PR was merged into the 2.3 branch.
Discussion
----------
[TwigBundle] Moved the setting of the default escaping strategy from the Twig engine to the Twig environment
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11773
| License | MIT
| Doc PR | n/a
The default escaping strategy was set on the Twig Engine and not the Twig Environment. That's a problem under some circumstances (like what #11773 describes), but it's also much better to set everything on the Twig Environment directly.
Commits
-------
91b24e8 [TwigBundle] Moved the setting of the default escaping strategy from the Twig engine to the Twig environment
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP head...
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
On symfony.com, we have errors related to IP addresses in the `X-Forwarded-For` HTTP header that have a port. If that happens (I have no ideas what is doing that), the page crashes with an error like `inet_pton(): Unrecognized address 187.65.229.211:63479` (which comes from IpUtils::checkIpv6()). This fixes the root cause by removing the port.
#12572 is solving the consequence and I propose to also merge it.
Commits
-------
60ad382 [HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP header contains a port
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#12572).
Discussion
----------
[HttpFoundation] fix checkip6
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I have this error ContextErrorException: Warning: inet_pton(): Unrecognized address X.X.X.X:X
in IpUtils.php line 110
X.X.X.X:X is detected as a ipv6 because HTTP_X_FORWARDED_FOR have a port.
Commits
-------
1da0ba4 [Debug] fix checkip6
This PR was merged into the 2.3 branch.
Discussion
----------
[CssSelector] Use the correct cssselect library name in docblocks.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | #11894
| License | MIT
| Doc PR | -
As suggested in #11894, the original python library is called [cssselect](https://github.com/SimonSapin/cssselect), not cssselector.
I also updated the README, as the cssselect was extracted as an independent library and it's no longer part of lxml.
Commits
-------
55f0d9e Update the note about origins of the CssSelector component.
1997b12 Use the correct cssselect library name in docblocks.
This PR was merged into the 2.3 branch.
Discussion
----------
[travis] reorder matrix + prevent "Killed" jobs
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The new --prefer-lowest matrix line fails randomly with ["Killed" message](http://docs.travis-ci.com/user/common-build-problems/#My-build-script-is-killed-without-any-error).
Lets try reducing concurrency on this one.
The matrix is also reordered so that the slowest lines are started first.
Commits
-------
b1d47e9 [travis] reorder matrix + prevent "Killed" jobs
This PR was merged into the 2.3 branch.
Discussion
----------
[TwigBridge] fix form requirement
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
d9053d9 [TwigBridge] fix form requirement
This PR was merged into the 2.3 branch.
Discussion
----------
[CssSelector] added the license of the Python library we ported to PHP
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11894
| License | MIT
| Doc PR | n/a
Commits
-------
fa36b98 [CssSelector] added the license of the Python library we ported to PHP
