This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
* 3.0:
fixed CS
fixed CS
fixed form tests
[Console] Fix formatting of SymfonyStyle::comment()
[Form] fix post max size translation type extension for >= 2.8
removed dots at the end of @param and @return
fixed typo
* 2.8:
fixed CS
fixed form tests
[Console] Fix formatting of SymfonyStyle::comment()
[Form] fix post max size translation type extension for >= 2.8
removed dots at the end of @param and @return
fixed typo
This PR was merged into the 2.8 branch.
Discussion
----------
[Console] Fix formatting of SymfonyStyle::comment()
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19172
| License | MIT
| Doc PR | n/a
This:
```php
$io->comment('Lorem ipsum dolor sit amet, consectetur adipisicing elit, <comment>sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat </comment>cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.');
```
Before outputs:
![](http://image.prntscr.com/image/1d2ea9de42024b53a77120c482be51d4.png)
After:
![](http://image.prntscr.com/image/36de23ec14b64804b0cbae7a431185be.png)
This moves the lines-cutting logic from `block()` into a specific `createBlock`, used from both `comment()` and `block()`, sort as `comment()` can take messages containing nested tags and outputs a correctly formatted block without escaping tags.
Commits
-------
0a53e1d [Console] Fix formatting of SymfonyStyle::comment()
Remove decoration from frameworkbundle test (avoid testing the Console behaviour)
Set background to default
Test output
Adapt test for FrameworkBundle
Use Helper::strlenWithoutDecoration rather than Helper::strlen(strip_tags(..))
Improve logic for align all lines to the first in block()
Tests more block() possible outputs
Avoid calling Helper::strlenWithoutDecoration in loop for prefix, assign it instead
* 3.0:
[CS] Respect PSR2 4.2
[Form] fix `empty_data` option in expanded `ChoiceType`
[Console] removed unneeded private methods
[Security] [Guard] Improve comment with working example
sync min email validator version
[TwigBridge] Fix inconsistency in LintCommand help
explicitly forbid e-mail validator 2.0 or higher
Fixed SymfonyQuestionHelper multi-choice with defaults
[DoctrineBridge] Don't use object IDs in DoctrineChoiceLoader when passing a value closure
Differentiate between the first time a progress bar is displayed and subsequent times
finished previous commit
No more exception for malformed input name
fix post_max_size_message translation
[Process] Fix pipes cleaning on Windows
Avoid phpunit 5.4 warnings on getMock
[Form] Add exception to FormRenderer about non-unique block names
[Form] Consider a violation even if the form is not submitted
* 2.8:
[CS] Respect PSR2 4.2
[Form] fix `empty_data` option in expanded `ChoiceType`
[Console] removed unneeded private methods
[Security] [Guard] Improve comment with working example
sync min email validator version
[TwigBridge] Fix inconsistency in LintCommand help
explicitly forbid e-mail validator 2.0 or higher
Fixed SymfonyQuestionHelper multi-choice with defaults
[DoctrineBridge] Don't use object IDs in DoctrineChoiceLoader when passing a value closure
Differentiate between the first time a progress bar is displayed and subsequent times
finished previous commit
No more exception for malformed input name
fix post_max_size_message translation
[Process] Fix pipes cleaning on Windows
Avoid phpunit 5.4 warnings on getMock
[Form] Add exception to FormRenderer about non-unique block names
[Form] Consider a violation even if the form is not submitted
* 2.7:
[CS] Respect PSR2 4.2
[Form] fix `empty_data` option in expanded `ChoiceType`
[Console] removed unneeded private methods
sync min email validator version
[TwigBridge] Fix inconsistency in LintCommand help
explicitly forbid e-mail validator 2.0 or higher
Fixed SymfonyQuestionHelper multi-choice with defaults
[DoctrineBridge] Don't use object IDs in DoctrineChoiceLoader when passing a value closure
Differentiate between the first time a progress bar is displayed and subsequent times
finished previous commit
No more exception for malformed input name
fix post_max_size_message translation
[Process] Fix pipes cleaning on Windows
Avoid phpunit 5.4 warnings on getMock
[Form] Add exception to FormRenderer about non-unique block names
[Form] Consider a violation even if the form is not submitted
* 3.0:
fixed CS
fixed CS
fixed CS
tweaked default CS fixer config
[HttpKernel] Dont close the output stream in debug
move HttpKernel component to require section
Fixed oci and sqlsrv merge queries when emulation is disabled - fixes#17284
[Session] fix PDO transaction aborted under PostgreSQL
[Console] Use InputInterface inherited doc as possible
Mention generating absolute urls in UPGRADE files and CHANGELOG
add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support
FormBuilderInterface: fix getForm() return type.
Fixed typo in PHPDoc
* 2.8:
fixed CS
fixed CS
tweaked default CS fixer config
[HttpKernel] Dont close the output stream in debug
move HttpKernel component to require section
Fixed oci and sqlsrv merge queries when emulation is disabled - fixes#17284
[Session] fix PDO transaction aborted under PostgreSQL
[Console] Use InputInterface inherited doc as possible
Mention generating absolute urls in UPGRADE files and CHANGELOG
add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support
FormBuilderInterface: fix getForm() return type.
Fixed typo in PHPDoc
* 2.7:
fixed CS
tweaked default CS fixer config
[HttpKernel] Dont close the output stream in debug
move HttpKernel component to require section
Fixed oci and sqlsrv merge queries when emulation is disabled - fixes#17284
[Session] fix PDO transaction aborted under PostgreSQL
[Console] Use InputInterface inherited doc as possible
add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support
FormBuilderInterface: fix getForm() return type.
Fixed typo in PHPDoc
* 3.0: (25 commits)
Fix merge
[HttpFoundation] Use UPSERT for sessions stored in PgSql >= 9.5
[Console] fixed PHPDoc
[travis] HHVM 3.12 LTS
Fix feature detection for IE
[Form] Fixed collapsed choice attributes
[Console] added explanation of messages usage in a progress bar
force enabling the external XML entity loaders
[Yaml] properly count skipped comment lines
[WebProfilerBundle] Fix invalid CSS style
Added progressive jpeg to mime types guesser
[Yaml] Fix wrong line number when comments are inserted in the middle of a block.
Fixed singular of committee
Do not inject web debug toolbar on attachments
bumped Symfony version to 3.0.8
updated VERSION for 3.0.7
updated CHANGELOG for 3.0.7
bumped Symfony version to 2.8.8
updated VERSION for 2.8.7
updated CHANGELOG for 2.8.7
...
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/PropertyAccess/StringUtil.php
src/Symfony/Component/PropertyAccess/Tests/StringUtilTest.php
src/Symfony/Component/Yaml/Parser.php
src/Symfony/Component/Yaml/Tests/ParserTest.php
* 2.8: (22 commits)
Fix merge
[HttpFoundation] Use UPSERT for sessions stored in PgSql >= 9.5
[Console] fixed PHPDoc
[travis] HHVM 3.12 LTS
Fix feature detection for IE
[Form] Fixed collapsed choice attributes
[Console] added explanation of messages usage in a progress bar
force enabling the external XML entity loaders
[Yaml] properly count skipped comment lines
[WebProfilerBundle] Fix invalid CSS style
Added progressive jpeg to mime types guesser
[Yaml] Fix wrong line number when comments are inserted in the middle of a block.
Fixed singular of committee
Do not inject web debug toolbar on attachments
bumped Symfony version to 2.8.8
updated VERSION for 2.8.7
updated CHANGELOG for 2.8.7
bumped Symfony version to 2.7.15
updated VERSION for 2.7.14
update CONTRIBUTORS for 2.7.14
...
Conflicts:
CHANGELOG-2.7.md
CHANGELOG-3.0.md
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.7:
[HttpFoundation] Use UPSERT for sessions stored in PgSql >= 9.5
[Console] fixed PHPDoc
[travis] HHVM 3.12 LTS
Fix feature detection for IE
[Form] Fixed collapsed choice attributes
[Console] added explanation of messages usage in a progress bar
force enabling the external XML entity loaders
[Yaml] properly count skipped comment lines
Conflicts:
src/Symfony/Component/Translation/Loader/XliffFileLoader.php
* 3.0:
[BrowserKit] Bump dom-crawler minimum version requirement
Make one call to "OutputInterface::write" method per table row
[HttpKernel] Fix context dependent test
[Debug] Fix context dependent test
* 2.8:
[BrowserKit] Bump dom-crawler minimum version requirement
Make one call to "OutputInterface::write" method per table row
[HttpKernel] Fix context dependent test
[Debug] Fix context dependent test
* 2.7:
[BrowserKit] Bump dom-crawler minimum version requirement
Make one call to "OutputInterface::write" method per table row
[HttpKernel] Fix context dependent test
[Debug] Fix context dependent test
* 3.0:
`@throws` annotations should go after `@return`
Fix merge
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
Conflicts:
src/Symfony/Component/Yaml/Tests/InlineTest.php
* 2.8:
`@throws` annotations should go after `@return`
Fix merge
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
Conflicts:
CHANGELOG-2.3.md
src/Symfony/Bundle/FrameworkBundle/Routing/DelegatingLoader.php
src/Symfony/Bundle/TwigBundle/Extension/AssetsExtension.php
src/Symfony/Component/Config/Loader/FileLoader.php
src/Symfony/Component/DependencyInjection/Container.php
src/Symfony/Component/DependencyInjection/ContainerBuilder.php
src/Symfony/Component/Finder/Expression/Expression.php
src/Symfony/Component/Finder/Finder.php
src/Symfony/Component/HttpKernel/DependencyInjection/ContainerAwareHttpKernel.php
src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
* 2.7:
`@throws` annotations should go after `@return`
Fix merge
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
Conflicts:
src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php
src/Symfony/Component/Finder/Finder.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
src/Symfony/Component/Security/Acl/Domain/ObjectIdentity.php
src/Symfony/Component/Security/Acl/Model/AclInterface.php
src/Symfony/Component/Security/Acl/Model/MutableAclProviderInterface.php
src/Symfony/Component/Security/Acl/Permission/MaskBuilder.php
src/Symfony/Component/Translation/Loader/XliffFileLoader.php
src/Symfony/Component/Yaml/Tests/InlineTest.php
* 2.3:
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
* 3.0:
[Console] SymfonyStyle: Fix alignment/prefixing of multi-line comments
[Routing] Finish annotation loader taking a class constant as a beginning of a class name
[Routing] Fix the annotation loader taking a class constant as a beginning of a class name
* 2.8:
[Console] SymfonyStyle: Fix alignment/prefixing of multi-line comments
[Routing] Finish annotation loader taking a class constant as a beginning of a class name
[Routing] Fix the annotation loader taking a class constant as a beginning of a class name
* 3.0:
[Yaml] fix exception contexts
People - person singularization
[Yaml] properly handle unindented collections
[Serializer] Add test for ignored attributes during denormalization
chomp newlines only at the end of YAML documents
Fixed server status command when port has been omitted
Update UPGRADE FROM 2.x to 3.0
fix removed commands wording in upgrade file
Catch \Throwable
Catch \Throwable
[DependencyInjection] Avoid generating call_user_func in more cases
[Validator] Support for DateTimeImmutable
[FrameworkBundle] update upgrade instructions
Use levenshtein level for better Bundle matching
[WebProfilerBundle] Fix CORS ajax security issues
remove methods that were needed for PHP 5.3
[DX][DI] Make Autowiring exceptions more future friendly
* 2.8:
[Yaml] fix exception contexts
People - person singularization
[Yaml] properly handle unindented collections
[Serializer] Add test for ignored attributes during denormalization
chomp newlines only at the end of YAML documents
Fixed server status command when port has been omitted
Update UPGRADE FROM 2.x to 3.0
fix removed commands wording in upgrade file
Catch \Throwable
Catch \Throwable
Use levenshtein level for better Bundle matching
[WebProfilerBundle] Fix CORS ajax security issues
[DX][DI] Make Autowiring exceptions more future friendly
* 2.7:
[Yaml] fix exception contexts
People - person singularization
[Yaml] properly handle unindented collections
[Serializer] Add test for ignored attributes during denormalization
chomp newlines only at the end of YAML documents
Fixed server status command when port has been omitted
Update UPGRADE FROM 2.x to 3.0
Catch \Throwable
Use levenshtein level for better Bundle matching
[WebProfilerBundle] Fix CORS ajax security issues