This PR was submitted for the master branch but it was merged into the 2.4 branch instead (closes#11278).
Discussion
----------
Remove Spaceless Blocks From Twig Templates
Leaving it in can only mangle values from data bound to the form.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11277
| License | MIT
| Doc PR |
The tests pass here, but it doesn't seem like any tests really cover the actual rendering.
Commits
-------
793a083 Remove Spaceless Blocks From Twig Templates
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fix to prevent magic bytes injection in JSONP responses... (CVE-2014-4671)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no*
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
| CVE Ticket | [CVE-2014-4671](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4671)
| See Also | [Rosetta Flash](http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/)
\* Unless you are parsing the response string manually, which you really shouldn't do anyway
**THIS IS A SECURITY FIX AND SHOULD BE MERGED SHORTLY**
This fix prevents attacks vectors where third-party browser plugins depends on ASCII magic bytes in order to execute a plugin. This is currently exploited with Flash using a carefully crafted JSONP response, allowing the execution of random SWF data from a domain with a vulnerable JSONP endpoint.
This security issue is mitigated by adding an empty comment right before the callback parameter. This does not affect the execution of the JSONP callback.
Commits
-------
6af3d05 [HttpFoundation] Fix to prevent magic bytes injection in JSONP responses (Prevents CVE-2014-4671)
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Validator] Fix UserPassword validator translation
| Q | A
| ------------- | ---
| Fixed tickets | None
| License | MIT
Fixes the UserPassword translation message only for 2.3 as discussed in symfony/symfony#11383.
Commits
-------
73d50ed Fix UserPassword validator translation
This PR was merged into the 2.3 branch.
Discussion
----------
Remove Spaceless Blocks from Twig Form Templates
In favor of using Twig's whitespace control operators. See #11277
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11277
| License | MIT
| Doc PR |
Per @fabpot and @stof's requests in #11278, this is a PR for the 2.3 branch.
Commits
-------
8f9ed3e Remove Spaceless Blocks from Twig Form Templates
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][HttpFoundation] Fix wrong assertion in Response test
| Q | A
| ------------- | ---
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Tests pass? | yes
| License | MIT
Commits
-------
3d63f80 [HttpFoundation] Fix wrong assertion in Response test
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#9719).
Discussion
----------
[TwigBundle] fix configuration tree for paths
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8171
| License | MIT
| Doc PR | na
This is a joint effort with @mdavis1982 and @cordoval 👶 pairing up and warming for hacking day in Warsaw
Commits
-------
9aa88e4 added regression test
4201d41 fix issue #8171 on configuration tree for twig extension -- pairing up with @cordoval
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Form] Cleanup & fix phpdocs
| Q | A
| ------------- | ---
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Tests pass? | yes
| License | MIT
This PR was done mostly cause of reports about invalid/not supported types/variables in phpstorm/scrutinizer-ci, and after I started fixing I noticed more problems in those phpdocs so I have cleanedup them a bit.
Commits
-------
a67bc76 [2.3][Form] Cleanup & fix phpdocs
This PR was merged into the 2.4 branch.
Discussion
----------
Added verbosity methods to NullOutput
These 4 methods were not added to the OutputInterface because of BC, but they should still be implemented in all classes which implement that interface. Otherwise we have to do nasty tricks...
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
0459249 Added verbosity methods
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#11244).
Discussion
----------
[HttpFoundation] Remove body-related headers when sending the response, if body is empty
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I've updated the implementation for informational and 204 or 304 responses. They will now, as they have no content, not return headers like `content-type` or `content-length`.
I'm unsure about `content-length` - we could also set it hardcoded to zero ... but I thought, that (because the specs say that it just can't have a response-body) the system should not return anything here.
Commits
-------
9dbe89d [HttpFoundation] Remove content-related headers if content is empty
This PR was merged into the 2.3 branch.
Discussion
----------
remove defaults from PHPUnit configuration
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | --
| License | MIT
| Doc PR | --
Follow-up to #11329.
Commits
-------
afc4930 removed defaults from PHPUnit configuration
* 2.3:
bumped Symfony version to 2.3.18
updated VERSION for 2.3.17
update CONTRIBUTORS for 2.3.17
updated CHANGELOG for 2.3.17
added XSD to PHPUnit configuration
bug #11319 [HttpKernel] Ensure the storage exists before purging it in ProfilerTest
[Translation] Added unescaping of ids in PoFileLoader
updated italian translation for validation messages
[DomCrawler] Fix docblocks and formatting.
[DomCrawler] Remove the query string and the anchor of the uri of a link
Simplified the Travis test command
[Console] Make sure formatter is the same
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.3 branch.
Discussion
----------
add XSD to PHPUnit configuration
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | --
| License | MIT
| Doc PR | --
The syntax check functionality has been removed in PHPUnit 3.6 already. But there's no Composer constraint for PHPUnit, so you can never know which version will actually be used to run tests. Let me know what you think.
Commits
-------
84b5581 added XSD to PHPUnit configuration
This PR was merged into the 2.4 branch.
Discussion
----------
[Process] add missing docblock for ProcessBuilder::addEnvironmentVariables()
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
9e1d11d add missing docblock for ProcessBuilder::addEnvironmentVariables()
ce29e0a bug #11283 [SecurityBundle] Remove Expression Language services when the component is unavailable (thewilkybarkid)
557a82a Remove Expression Language services when the component is unavailable
5b2e34f Merge branch '2.3' into 2.4
85af997 bug #11259 [Config] Fixed failed config schema loads due to libxml_disable_entity_loader usage (ccorliss)
de2bef5 Fixed failed config schema loads due to libxml_disable_entity_loader usage.
8a68e6c bug #11234 [ClassLoader] fixed PHP warning on PHP 5.3 (fabpot)
3b9902a enabled PHP 5.6 for tests
cd7fe02 bug #11179 [Process] Fix ExecutableFinder with open basedir (cs278)
b8f8c0e [Process] Fix ExecutableFinder with open basedir
fa2d337 bug #11242 [CssSelector] Refactored the CssSelector to remove the circular object graph (stof)
994f81f Refactored the CssSelector to remove the circular object graph
1045adf bug #11219 [DomCrawler] properly handle buttons with single and double quotes insid... (xabbuh)
84be8de minor #11230 Fix mocks to support >=5.5.14 and >=5.4.30 (jpauli)
1c5c694 Fix mocks to support >=5.5.14 and >=5.4.30
7b2e3d9 [ClassLoader] fixed PHP warning on PHP 5.3
7b0ed91 minor #11225 [Validator] added Lithuanian translation for empty file (Tadcka)
a954083 [Validator] added Lithuanian translation for empty file
803b06b bug #11220 [Components][Serializer] optional constructor arguments can be omitted during the denormalization process (xabbuh)
05c51f5 minor #11203 Added missing dutch translations (WouterJ)
bd9283e Added missing dutch translations
5bb2345 [Components][Serializer] optional constructor arguments can be omitted during the denormalization process
cbbdbe4 [DomCrawler] properly handle buttons with single and double quotes inside the name attribute
f6eb9b6 minor #11201 [Validator] Added missing pt and pt_BR translations (dcsg)
71a2b59 Added missing pt and pt_BR translations
0067952 minor #11195 [Validator] Add missing ru translations (megazoll)
71eb8a8 [Validator] Add missing ru translations
f45f2df minor #11191 [Tests] fix tests due to recent changes in PHP's behavior (xabbuh)
bc8042d don't disable constructor calls to mockups of classes that extend internal PHP classes
f4a3c7a special handling for the JsonDescriptor to work around changes in PHP's JSON pretty printer
f2bdc22 fixed previous merge
b387477 Merge branch '2.3' into 2.4
eeeae94 minor #11187 [Tests] don't disable constructor calls to mockups of classes that extend intern... (xabbuh)
ff00dcc bug #11186 Added missing `break` statement (apfelbox)
5af2802 Added missing `break` statement
2c726b8 don't disable constructor calls to mockups of classes that extend internal PHP classes
96bc061 minor #11182 Small comment update according to PSR-2 (apfelbox)
31b1dff Small comment update according to PSR-2
7d4f4f2 bug #11169 [Console] Fixed notice in DialogHelper (florianv)
ff6c65e [Console] Fixed notice in DialogHelper
fbf92e5 bug #11144 [HttpFoundation] Fixed Request::getPort returns incorrect value under IPv6 (kicken)
bd11e92 minor #11136 [Filesystem] Fix test suite on OSX (romainneutron)
2a0e8e3 [HttpFoundation] Fixed Request::getPort returns incorrect value under IPv6
e26f08e [Filesystem] Fix test suite on OSX
185aafa minor #11077 [TwigBundle] [Tests] Add framework-bundle (clemens-tolboom)
a12471d Add framework-bundle
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Ensure the storage exists before purging it in ProfilerTest
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11319
| License | MIT
| Doc PR | None
Commits
-------
eb63270 bug #11319 [HttpKernel] Ensure the storage exists before purging it in ProfilerTest
This PR was merged into the 2.4 branch.
Discussion
----------
[SecurityBundle] Remove Expression Language services when the component is unavailable
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The Expression Language isn't a dependency of the SecurityBundle, but ExpressionVoter is still added if it isn't installed, leading to a class not found fatal error. This removes the services (alternatively the services could be moved to a different file and added if it is installed).
Commits
-------
557a82a Remove Expression Language services when the component is unavailable
This PR was merged into the 2.3 branch.
Discussion
----------
Simplified the Travis test command
There is no reason to turn a failure into a different failure. And this will avoid Travis to say that the "false" command failed.
Commits
-------
e8d01c9 Simplified the Travis test command
This PR was submitted for the 2.5 branch but it was merged into the 2.3 branch instead (closes#11238).
Discussion
----------
[Translation] Added unescaping of ids in PoFileLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Although it is not directly described in gettext docs, _msgid_ should be unescaped too. The other reason to unescape _msgid_ is symmetry between ```PoFileLoader``` and ```PoFileDumper```. The dumper escapes both _msgid_ and _msgstr_ values, but the loader unescapes only _msgstr_.
Commits
-------
816a4a9 [Translation] Added unescaping of ids in PoFileLoader