Commit Graph

33559 Commits

Author SHA1 Message Date
Nicolas Grekas
c5595a1f11 Merge branch '3.3' into 3.4
* 3.3:
  fix deps=low
2017-11-16 18:19:19 +02:00
Nicolas Grekas
e4f00cc6be Merge branch '2.8' into 3.3
* 2.8:
  fix deps=low
2017-11-16 18:14:18 +02:00
Nicolas Grekas
1c026e0a5b Merge branch '2.7' into 2.8
* 2.7:
  fix deps=low
2017-11-16 18:08:43 +02:00
Nicolas Grekas
7993ce57a4 fix deps=low 2017-11-16 17:51:27 +02:00
Nicolas Grekas
caa10ae038 Merge branch '3.3' into 3.4
* 3.3:
  fixed CS
  fixed CS
  [Security] Namespace generated CSRF tokens depending of the current scheme
  ensure that submitted data are uploaded files
  [Console] remove dead code
  bumped Symfony version to 3.3.13
  updated VERSION for 3.3.12
  updated CHANGELOG for 3.3.12
  bumped Symfony version to 2.8.31
  updated VERSION for 2.8.30
  updated CHANGELOG for 2.8.30
  bumped Symfony version to 2.7.38
  updated VERSION for 2.7.37
  updated CHANGELOG for 2.7.37
  [Security] Validate redirect targets using the session cookie domain
  prevent bundle readers from breaking out of paths
2017-11-16 17:25:26 +02:00
Nicolas Grekas
ea2447f0b8 Merge branch '2.8' into 3.3
* 2.8:
  fixed CS
  fixed CS
  [Security] Namespace generated CSRF tokens depending of the current scheme
  ensure that submitted data are uploaded files
  [Console] remove dead code
  bumped Symfony version to 2.8.31
  updated VERSION for 2.8.30
  updated CHANGELOG for 2.8.30
  bumped Symfony version to 2.7.38
  updated VERSION for 2.7.37
  updated CHANGELOG for 2.7.37
  [Security] Validate redirect targets using the session cookie domain
  prevent bundle readers from breaking out of paths
2017-11-16 17:24:32 +02:00
Nicolas Grekas
44c5d7f405 Merge branch '2.7' into 2.8
* 2.7:
  fixed CS
  fixed CS
  [Security] Namespace generated CSRF tokens depending of the current scheme
  ensure that submitted data are uploaded files
  [Console] remove dead code
  bumped Symfony version to 2.7.38
  updated VERSION for 2.7.37
  updated CHANGELOG for 2.7.37
  [Security] Validate redirect targets using the session cookie domain
  prevent bundle readers from breaking out of paths
2017-11-16 17:20:19 +02:00
Fabien Potencier
b67b807164 fixed CS 2017-11-16 17:17:32 +02:00
Fabien Potencier
4d288439bc security #24995 Validate redirect targets using the session cookie domain (nicolas-grekas)
This PR was merged into the 2.7 branch.

Discussion
----------

Validate redirect targets using the session cookie domain

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

<!--
- Bug fixes must be submitted against the lowest branch where they apply
  (lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->

Commits
-------

52b06f1c21 [Security] Validate redirect targets using the session cookie domain
2017-11-16 17:16:56 +02:00
Fabien Potencier
097ce09140 security #24994 Prevent bundle readers from breaking out of paths (xabbuh)
This PR was merged into the 2.7 branch.

Discussion
----------

Prevent bundle readers from breaking out of paths

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

<!--
- Bug fixes must be submitted against the lowest branch where they apply
  (lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->

Commits
-------

c8f9f916b4 prevent bundle readers from breaking out of paths
2017-11-16 17:15:44 +02:00
Fabien Potencier
0a1ea85998 security #24993 Ensure that submitted data are uploaded files (xabbuh)
This PR was merged into the 2.7 branch.

Discussion
----------

Ensure that submitted data are uploaded files

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | yes
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

<!--
- Bug fixes must be submitted against the lowest branch where they apply
  (lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->

Commits
-------

f9e210cc7b ensure that submitted data are uploaded files
2017-11-16 17:14:44 +02:00
Fabien Potencier
07fc11cd65 fixed CS 2017-11-16 17:13:44 +02:00
Fabien Potencier
b4dbdd7cd8 security #24992 Namespace generated CSRF tokens depending of the current scheme (dunglas)
This PR was merged into the 2.7 branch.

Discussion
----------

Namespace generated CSRF tokens depending of the current scheme

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

<!--
- Bug fixes must be submitted against the lowest branch where they apply
  (lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->

Commits
-------

cdb4271975 [Security] Namespace generated CSRF tokens depending of the current scheme
2017-11-16 17:12:07 +02:00
Kévin Dunglas
cdb4271975
[Security] Namespace generated CSRF tokens depending of the current scheme 2017-11-16 15:51:08 +02:00
Roland Franssen
278088931b Replace array|\Traversable by iterable 2017-11-16 13:37:27 +01:00
Nicolas Grekas
2176be74d8
[DI] Fix by-type args injection 2017-11-16 13:36:51 +02:00
Christian Flothmann
f9e210cc7b ensure that submitted data are uploaded files 2017-11-16 09:58:50 +01:00
Christian Flothmann
7359cbe063 [Validator] enter the context in which to validate 2017-11-16 09:10:44 +01:00
Christian Flothmann
f7e634bc3e remove services resetter even when it's an alias
All the other places in the compiler pass do not care whether the
resetter service is aliased or not. Let's just also properly deal with
the case that the services resetter service was aliased by another
bundle.
2017-11-15 18:30:56 +01:00
Nicolas Grekas
fc3d3bbf60
[HttpKernel] Fix service arg resolver for controllers as array callables 2017-11-15 13:29:33 +02:00
Samuel ROZE
a9e9f36799
Add service value resolver tests
Prove that the service value resolver will not work with the array notation
2017-11-15 13:29:21 +02:00
Robin Chalas
2c2253df8c minor #24962 [Console] remove dead code (Tobion)
This PR was merged into the 2.7 branch.

Discussion
----------

[Console] remove dead code

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | no
| New feature?  | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks?    | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Part of #24961 for 2.7

Commits
-------

65f2b13 [Console] remove dead code
2017-11-15 10:26:39 +01:00
Nicolas Grekas
a96139273f [FrameworkBundle] Empty event dispatcher earlier in CacheClearCommand 2017-11-15 00:32:17 +02:00
Tobias Schultze
65f2b13e6b [Console] remove dead code 2017-11-13 22:35:01 +01:00
Fabien Potencier
73ef74aa8c bumped Symfony version to 3.3.13 2017-11-13 11:43:22 -08:00
Fabien Potencier
1452970fc2
Merge pull request #24958 from fabpot/release-3.3.12
released v3.3.12
2017-11-13 11:37:31 -08:00
Fabien Potencier
63f69f0c89 updated VERSION for 3.3.12 2017-11-13 11:37:21 -08:00
Fabien Potencier
7c9c05371c updated CHANGELOG for 3.3.12 2017-11-13 11:37:14 -08:00
Fabien Potencier
db6da75a8d bumped Symfony version to 2.8.31 2017-11-13 11:36:26 -08:00
Fabien Potencier
628af92533
Merge pull request #24957 from fabpot/release-2.8.30
released v2.8.30
2017-11-13 11:30:38 -08:00
Fabien Potencier
42596fef66 updated VERSION for 2.8.30 2017-11-13 11:30:25 -08:00
Fabien Potencier
6c34cb2c31 updated CHANGELOG for 2.8.30 2017-11-13 11:30:21 -08:00
Fabien Potencier
49fe412ccc bumped Symfony version to 2.7.38 2017-11-13 11:29:05 -08:00
Anatol Belski
059f59a106 Fix ambiguous pattern 2017-11-13 20:26:33 +01:00
Fabien Potencier
c166da4131
Merge pull request #24955 from fabpot/release-2.7.37
released v2.7.37
2017-11-13 10:51:56 -08:00
Fabien Potencier
9a161068bc updated VERSION for 2.7.37 2017-11-13 10:51:22 -08:00
Fabien Potencier
2a70d55b9f updated CHANGELOG for 2.7.37 2017-11-13 10:51:16 -08:00
Nicolas Grekas
ecad1c4b3b Merge branch '3.3' into 3.4
* 3.3:
  [DI] Fix dumping with custom base class
  [HttpFoundation] Add test
  [HttpFoundation] Fix session-related BC break
  [Process] Workaround PHP bug #75515 in ProcessTest::testSimpleInputStream()
  fix method name
2017-11-13 19:20:08 +01:00
Nicolas Grekas
772f29fd25 bug #24954 [DI] Fix dumping with custom base class (nicolas-grekas)
This PR was merged into the 3.3 branch.

Discussion
----------

[DI] Fix dumping with custom base class

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #24948
| License       | MIT
| Doc PR        | -

ping @kbond please confirm it's OK for you

Commits
-------

2dd74ab [DI] Fix dumping with custom base class
2017-11-13 19:15:33 +01:00
Nicolas Grekas
1b44a4bf16 Merge branch '2.8' into 3.3
* 2.8:
  [HttpFoundation] Add test
  [HttpFoundation] Fix session-related BC break
  fix method name
2017-11-13 19:13:16 +01:00
Nicolas Grekas
dee37688ab Merge branch '2.7' into 2.8
* 2.7:
  [HttpFoundation] Add test
  [HttpFoundation] Fix session-related BC break
  fix method name
2017-11-13 19:11:59 +01:00
Nicolas Grekas
2dd74ab89e [DI] Fix dumping with custom base class 2017-11-13 19:10:32 +01:00
Nicolas Grekas
3946f25444 minor #24939 fixed typo (mickaelandrieu)
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes #24939).

Discussion
----------

fixed typo

| Q             | A
| ------------- | ---
| Branch?       | master / 3.4?
| Bug fix?      | no
| New feature?  | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks?    | no
| BC breaks?    | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass?   | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License       | MIT
| Doc PR        |  it's actually part of docs <!--highly recommended for new features-->

<!--
- Bug fixes must be submitted against the lowest branch where they apply
  (lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->

Commits
-------

bfede8c fixed typo
2017-11-13 19:06:49 +01:00
Mickaël Andrieu
bfede8ceee fixed typo 2017-11-13 19:06:49 +01:00
Nicolas Grekas
5fa5ef76b1 minor #24940 [Form] fix method name (xabbuh)
This PR was merged into the 2.7 branch.

Discussion
----------

[Form] fix method name

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Commits
-------

b862168 fix method name
2017-11-13 19:05:48 +01:00
Nicolas Grekas
70dd46ba93 bug #24952 [HttpFoundation] Fix session-related BC break (nicolas-grekas, sroze)
This PR was merged into the 2.7 branch.

Discussion
----------

[HttpFoundation] Fix session-related BC break

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #24941, #24934, #24947 and #24946
| License       | MIT
| Doc PR        | -

Conservative fix.

Commits
-------

38186aa [HttpFoundation] Add test
3eaa188 [HttpFoundation] Fix session-related BC break
2017-11-13 19:03:47 +01:00
Nicolas Grekas
50c2a7c856 minor #24953 [Process] Workaround PHP bug #75515 in ProcessTest::testSimpleInputStream() (nicolas-grekas)
This PR was merged into the 3.3 branch.

Discussion
----------

[Process] Workaround PHP bug #75515 in ProcessTest::testSimpleInputStream()

| Q             | A
| ------------- | ---
| Branch?       | 3.3
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

Fixes tests accounting for a bug in PHP7.2RC6

Commits
-------

65ebe99 [Process] Workaround PHP bug #75515 in ProcessTest::testSimpleInputStream()
2017-11-13 19:02:29 +01:00
Samuel ROZE
38186aab2f [HttpFoundation] Add test 2017-11-13 18:34:39 +01:00
Nicolas Grekas
3eaa18889c [HttpFoundation] Fix session-related BC break 2017-11-13 16:55:02 +01:00
Nicolas Grekas
65ebe99e78 [Process] Workaround PHP bug #75515 in ProcessTest::testSimpleInputStream() 2017-11-13 16:31:11 +01:00