This PR was squashed before being merged into the master branch (closes#7559).
Discussion
----------
[HttpFoundation] [HttpKernel] Internal sub-requests should have X-Forwarded-For header providing real client IP
This is a better alternative to fix issue highlighted in #7554 and #7557.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7554, #7557
| License | MIT
When dealing with inline fragment renderer, it emulates an internal request by overriding the REMOTE_ADDR on Request. This is true, since conceptually request came from local server.
The problem that this introduces is that overriding the server value, it turns into an impossible state to retrieve the real client ip, only returning the local server IP (which is hardcoded to 127.0.0.1).
This patch takes the same approach as a Varnish call (it behaves the exact same way, reusing all code built for handling client ip handling on sub-requests), populating the X-Forwarded-For header and also making getClientIp smarter by removing possible local IP addresses from being considered as the client IP address.
Commits
-------
773e109 [HttpFoundation] [HttpKernel] Internal sub-requests should have X-Forwarded-For header providing real client IP
* 2.2:
[Config] #7644 add tests for passing number looking attributes as strings
[HttpFoundation][BrowserKit] fixed path when converting a cookie to a string
[BrowserKit] removed dead code
[HttpFoundation] fixed empty domain= in Cookie::__toString()
fixed detection of secure cookies received over https
[2.2] Pass ESI header to subrequests
[Translation] removed an uneeded class property
[Translation] removed unneeded getter/setter
[Translator] added additional conversion for encodings other than utf-8
fixed source messages to accept pluralized messages [Validator][translation][japanese] add messages for new validator
fix a DI circular reference recognition bug
[HttpFoundation] fixed the creation of sub-requests under some circumstances for IIS
Conflicts:
src/Symfony/Component/HttpFoundation/Tests/CookieTest.php
This PR was squashed before being merged into the 2.2 branch (closes#7253).
Discussion
----------
[2.2] Pass ESI header to subrequests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7252
| License | MIT
Commits
-------
af819a7 [2.2] Pass ESI header to subrequests
* 2.2:
Fix finding ACLs from ObjectIdentity's with different types
[HttpKernel] tweaked previous merge
#7531: [HttpKernel][Config] FileLocator adds NULL as global resource path
Fix autocompletion of command names when namespaces conflict
Fix timeout in Process::stop method
fixed CS
Round stream_select fifth argument up.
Fix Process timeout
[HttpKernel] Remove args from 5.3 stack traces to avoid filling log files, fixes#7259
bumped Symfony version to 2.2.2-DEV
updated VERSION for 2.2.1
updated CHANGELOG for 2.2.1
Fixed phpdoc blocks to show that $uri can be passed as a string or ControllerReference (rather than just as a string)
[HttpFoundation] Fixed copy pasted comment from FlashBag in AttributeBag
[FrameworkBundle] fixed the discovery of the PHPUnit configuration file when using aggregate options like in -vc app/ (closes#7562)
[WebProfilerBundle] removed next pointer class in a template
fix overwriting of request's locale if attribute _locale is missing
Conflicts:
src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php
src/Symfony/Component/HttpKernel/EventListener/LocaleListener.php
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the master branch.
Discussion
----------
[HttpKernel] adds possibility to add attributes to hx:include tag
This PR follows #7439 and adds escaping to attributes.
This introduces 2 options to the `HIncludeFragmentRenderer::render()` method:
* `id`: an optional `id` attribute for the `hx:include` tag
* `attrs`: an optional array of attributes for the `hx:include` tag
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7439
Commits
-------
670a502 [HttpKernel] added escaping for hx:include tag attributes
342d089 Allow to set id + custom attributes to hinclude tag
This PR was merged into the master branch.
Discussion
----------
Improve bytes conversion method
This PR improves bytes conversion `regex` method introduced in #7413 (thanks to @vicb's comments).
* Adds support of `+` prefix.
* Adds support of blank chars between `+`, number and unit.
* Adds support of octal/hexa bases.
Notice that this can not be unit tested for `ServerParams` and `UploadedFile` classes because `ini_set()` function does not work with `post_max_size` and `upload_max_filesize` settings.
For information, this convertion is located in 3 classes:
* `Symfony\Component\Form\Extension\Validator\Util\ServerParams`
* `Symfony\Component\HttpFoundation\File\UploadedFile`
* `Symfony\Component\HttpKernel\DataCollector\MemoryDataCollector`
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7413
Commits
-------
21291ca improved bytes conversion method
This PR was merged into the master branch.
Discussion
----------
[2.3] [WIP] Synchronized services...
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5300, #6756
| License | MIT
| Doc PR | symfony/symfony-docs#2343
Todo:
- [x] update documentation
- [x] find a better name than contagious (synchronized)?
refs #6932, refs #5012
This PR is a proof of concept that tries to find a solution for some problems we have with scopes and services depending on scoped services (mostly the request service in Symfony).
Basically, whenever you want to inject the Request into a service, you have two possibilities:
* put your own service into the request scope (a new service will be created whenever a sub-request is run, and the service is not available outside the request scope);
* set the request service reference as non-strict (your service is always available but the request you have depends on when the service is created the first time).
This PR addresses this issue by allowing to use the second option but you service still always has the right Request service (see below for a longer explanation on how it works).
There is another issue that this PR fixes: edge cases and weird behaviors. There are several bug reports about some weird behaviors, and most of the time, this is related to the sub-requests. That's because the Request is injected into several Symfony objects without being updated correctly when leaving the request scope. Let me explain that: when a listener for instance needs the Request object, it can listen to the `kernel.request` event and store the request somewhere. So, whenever you enter a sub-request, the listener will get the new one. But when the sub-request ends, the listener has no way to know that it needs to reset the request to the master one. In practice, that's not really an issue, but let me show you an example of this issue in practice:
* You have a controller that is called with the English locale;
* The controller (probably via a template) renders a sub-request that uses the French locale;
* After the rendering, and from the controller, you try to generate a URL. Which locale the router will use? Yes, the French locale, which is wrong.
To fix these issues, this PR introduces a new notion in the DIC: synchronized services. When a service is marked as synchronized, all method calls involving this service will be called each time this service is set. When in a scope, methods are also called to restore the previous version of the service when the scope leaves.
If you have a look at the router or the locale listener, you will see that there is now a `setRequest` method that will called whenever the request service changes (because the `Container::set()` method is called or because the service is changed by a scope change).
Commits
-------
17269e1 [DependencyInjection] fixed management of scoped services with an invalid behavior set to null
bb83b3e [HttpKernel] added a safeguard for when a fragment is rendered outside the context of a master request
5d7b835 [FrameworkBundle] added some functional tests
ff9d688 fixed Request management for FragmentHandler
1b98ad3 fixed Request management for LocaleListener
a7b2b7e fixed Request management for RequestListener
0892135 [HttpKernel] ensured that the Request is null when outside of the Request scope
2ffcfb9 [FrameworkBundle] made the Request service synchronized
ec1e7ca [DependencyInjection] added a way to automatically update scoped services
* 2.2: (70 commits)
change wrapped exception message to be more usefull
updated VERSION for 2.0.23
update CONTRIBUTORS for 2.0.23
updated CHANGELOG for 2.0.23
[Form] fixed failing test
[DomCrawler] added support for query string with slash
Fixed invalid file path for hiddeninput.exe on Windows.
fix xsd definition for strict-requirements
[WebProfilerBundle] Fixed the toolbar styles to apply them in IE8
[ClassLoader] fixed heredocs handling
fixed handling of heredocs
Add a public modifier to an interface method
removing xdebug extension
[HttpRequest] fixes Request::getLanguages() bug
[HttpCache] added a test (cached content should be kept after purging)
[DoctrineBridge] Fixed non-utf-8 recognition
[Security] fixed HttpUtils class tests
replaced new occurences of 'Request::create()' with '::create()'
changed sub-requests creation to '::create()'
fixed merge issue
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/TranslationUpdateCommand.php
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/toolbar.html.twig
src/Symfony/Component/DomCrawler/Link.php
src/Symfony/Component/Translation/Translator.php
* 2.1:
Add a public modifier to an interface method
[HttpRequest] fixes Request::getLanguages() bug
[HttpCache] added a test (cached content should be kept after purging)
[DoctrineBridge] Fixed non-utf-8 recognition
[Security] fixed HttpUtils class tests
Use the same format as object methods to describe closures and collect
the file and the line where it's been declared.
These informations should be added in the views of the webprofiler.
* 2.2: (26 commits)
[FrameworkBundle] Fixes invalid serialized objects in cache
remove dead code in yaml component
Fixed typo in UPGRADE-2.2
fixed typo
RedisProfilerStorage wrong db-number/index-number selected
[DependencyInjection] added a test for the previous merge (refs #7261)
Unset loading[$id] in ContainerBuilder on exception
Default validation message translation fix.
remove() should not use deprecated getParent() so it does not trigger deprecation internally
adjust routing tests to not use prefix in addCollection
add test for uniqueness of resources
added tests for addDefaults, addRequirements, addOptions
adjust RouteCollectionTest for the addCollection change and refactor the tests to only skip the part that really needs the config component
added tests for remove() that wasnt covered yet and special route name
refactor interator test that was still assuming a tree
adjust tests to no use addPrefix with options
adjusted tests to not use RouteCollection::getPrefix
[Routing] trigger deprecation warning for deprecated features that will be removed in 2.3
[Console] fixed StringInput binding
[Console] added string input test
...
This PR was merged into the master branch.
Commits
-------
b0bca01 add status text to web profiler response panel
Discussion
----------
[2.3] add status text to web profiler response panel
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | cosmetic
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Add the status text to the web profiler response panel
---------------------------------------------------------------------------
by Burgov at 2013-02-17T11:08:37Z
The response object allows for setting a custom status message, so displaying the predefined one could be confusing.
E.g. ```$reponse->setStatusCode(403, "You can't go here!")```
However, there is no getter for it to be read... Perhaps it should be added?
---------------------------------------------------------------------------
by fabpot at 2013-02-17T11:32:37Z
I think displaying the default text is good enough. I suppose that the intent is to easily remember what a given status code means. There is no getter for the status text as it has no real meaning in terms of HTTP.
---------------------------------------------------------------------------
by gimler at 2013-02-17T16:50:47Z
Yes this was my intention. But i think this is a good point the response should have a `getStatusText` method.
So actual to only point where the status text is use is when the response is converted to string.
@fabpot i would add the `getStatusText` method to the `response` class and modify the PR to use this text. Do you agree with that?
---------------------------------------------------------------------------
by fabpot at 2013-02-17T17:13:07Z
Ad I said in my previous comment, not having a `getStatusText()` was in fact intentional.
* 2.2:
Defined stable version point of Doctrine.
[HttpFoundation] Remove Cache-Control when using https download via IE<9 (fixes#6750)
Update composer.json
[Form] Fixed TimeType not to render a "size" attribute in select tags
[Form] Added test for "label" option to accept the value "0"
Expanded fault-tolerance for unusual cookie dates
Fix docblock type
[Form] Fixed "label" option to accept the value "0"
Added greek translation
merged branch jfcixmedia/2.1 (PR #5838)
added a note about a BC break for the path info of sub-request (closes#7138)
[DomCrawler] lowered parsed protocol string (fixes#6986)
[FrameworkBundle] Fix a BC for Hinclude global template
[HttpKernel] fixed locale management when exiting sub-requests
fixed HInclude renderer (closes#7113)
Removed some leaking deprecation warning in the Form component
[HttpKernel] hinclude fragment renderer must escape URIs properly to return valid html
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Security/composer.json
This PR was merged into the 2.2 branch.
Commits
-------
54d7d25 [HttpKernel] hinclude fragment renderer must escape URIs properly to return valid html
Discussion
----------
[HttpKernel] hinclude fragment renderer must escape URIs properly to return valid html
| Q | A
| ------------- | ---
| Bug fix? | [yes]
| New feature? | [no]
| BC breaks? | [no]
| Deprecations? | [no]
| Tests pass? | [yes]
| Fixed tickets | [-]
| License | MIT
| Doc PR | [-]
Since rendering of hinclude fragments returns html/xml, it is marked as safe. So it's not auto-escaped of course. But that means it must properly escape it's input (the URI) when outputting in html context.
Btw, this does not need to be done for esi because esi tags are processed in middleware which do not go to the client/browser.
---------------------------------------------------------------------------
by Koc at 2013-02-15T22:59:05Z
Will it works correct when `arg_separator.output="&"`?
---------------------------------------------------------------------------
by stof at 2013-02-15T23:04:01Z
if your url comes form the routing, yes. It [does not rely on the default separator](https://github.com/symfony/Routing/blob/master/Generator/UrlGenerator.php#L265) to avoid issues when the separator is configured to ``&`` as it would have been escaped again in Twig templates for instance.
---------------------------------------------------------------------------
by fabpot at 2013-02-16T07:26:19Z
Can you include the proper PR header in the description? Thanks.
---------------------------------------------------------------------------
by Tobion at 2013-02-16T12:28:18Z
Added.
* 2.2: (22 commits)
[Process] Fix regression introduced in #6620 / 880da01c49, fixes#7082
[HttpKernel] added a unit for the previous commit (closes#7025)
[HttpFoundation] fixed, overwritten CONTENT_TYPE
[BrowserKit] fixed test added in the previous merge (refs #7059)
[FrameworkBundle] tweaked reference dumper command (see #7093)
Remove unnecessary comment and change test name
[Config] tweaked dumper to indent multi-line info
[HttpKernel] added some tests for previous merge
Fix REMOTE_ADDR for cached subrequests
[FrameworkBundle] CSRF should be on by default
[WebProfilerBundle] removed dependency on FrameworkBundle (closes#6949)
[HttpKernel] added error display suppression when using the ErrorHandler (if not, errors are displayed twice, refs #6254)
[HttpFoundation] tweaked previous merge
[HttpFoundation] Added getter for httpMethodParameterOverride state
Create validators.lv.xlf
[Process] Warn user with a useful message when tmpfile() failed
[BrowserKit] added a test to make sure HTTP authentication is preserved when submitting a form
Remove array type hint from GetResponseForControllerResultEvent::setControllerResult()
bumped Symfony version to 2.2.0-DEV
Revert "merged branch povilas/issue_6101 (PR #6708)"
...
* 2.1:
[FrameworkBundle] tweaked reference dumper command (see #7093)
[HttpKernel] added some tests for previous merge
Fix REMOTE_ADDR for cached subrequests
[Process] Warn user with a useful message when tmpfile() failed
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ConfigDumpReferenceCommand.php
* 2.2:
Fixed XmlFileLoaderTest::testLoadThrowsExceptionWithInvalidFileEvenWithoutSchemaValidation
moved file hash calculation to own method
[Validator] Add check for existing metadata on property
added support for the X-Forwarded-For header (closes#6982, closes#7000)
fixed the IP address in HttpCache when calling the backend
[EventDispatcher] Added assertion.
[EventDispathcer] Fix removeListener
[DependencyInjection] Add clone for resources which were introduced in 2.1
[DependencyInjection] Allow frozen containers to be dumped to graphviz
Fix 'undefined index' error, when entering scope recursively
[Security] fixed session creation on login (closes#7011)
replaced usage of the deprecated pattern routing key (replaced with path)
Add dot character `.` to legal mime subtype regular expression
[HttpFoundation] fixed the creation of sub-requests under some circumstancies (closes#6923, closes#6936)
* 2.1:
added support for the X-Forwarded-For header (closes#6982, closes#7000)
fixed the IP address in HttpCache when calling the backend
[EventDispatcher] Added assertion.
[EventDispathcer] Fix removeListener
[DependencyInjection] Add clone for resources which were introduced in 2.1
[DependencyInjection] Allow frozen containers to be dumped to graphviz
Fix 'undefined index' error, when entering scope recursively
[Security] fixed session creation on login (closes#7011)
Add dot character `.` to legal mime subtype regular expression
[HttpFoundation] fixed the creation of sub-requests under some circumstancies (closes#6923, closes#6936)
* 2.2: (30 commits)
[HttpFoundation] Added support for partial ranges in the BinaryFileResponse.
[HttpFoundation] Fixed byte ranges in the BinaryFileResponse.
updated required versions when depending on the HttpFoundation component
updated required versions when depending on the HttpKernel component
updated required versions when depending on the Config component
updated required versions when depending on the Form component
updated required versions when depending on the DependencyInjection component
updated required versions when depending on the Validator component
updated required versions when depending on the Translation component
updated required versions when depending on the Routing component
updated required versions when depending on the EventDispatcher component
updated required versions when depending on the OptionsResolver component
updated required versions when depending on the PropertyAccess component
updated required versions when depending on the Security component
updated required versions when depending on the Templating component
updated required versions when depending on the Stopwatch component
updated required versions when depending on the Process component
updated required versions when depending on the Finder component
updated required versions when depending on the Dom Crawler component
use ~2.0 when depending on the Dom Crawler component
...
