* 3.4:
fix merge
[Security] Fix logout
Cleanup 2 tests for the HttpException classes
#27250 limiting GET_LOCK key up to 64 char due to changes in MySQL 5.7.5 and later
[Config] Fix tests when path contains UTF chars
[DI] Shared services should not be inlined in non-shared ones
[Profiler] Remove propel & event_listener_loading category identifiers
[Filesystem] Fix usages of error_get_last()
[Cache][Lock] Fix usages of error_get_last()
[Debug] Fix populating error_get_last() for handled silent errors
[DI] Display previous error messages when throwing unused bindings
Suppress warnings when open_basedir is non-empty
* 2.8:
[Security] Fix logout
#27250 limiting GET_LOCK key up to 64 char due to changes in MySQL 5.7.5 and later
[Profiler] Remove propel & event_listener_loading category identifiers
[Filesystem] Fix usages of error_get_last()
[Debug] Fix populating error_get_last() for handled silent errors
Suppress warnings when open_basedir is non-empty
* 2.7:
[Security] Fix logout
#27250 limiting GET_LOCK key up to 64 char due to changes in MySQL 5.7.5 and later
[Profiler] Remove propel & event_listener_loading category identifiers
[Filesystem] Fix usages of error_get_last()
[Debug] Fix populating error_get_last() for handled silent errors
Suppress warnings when open_basedir is non-empty
* 4.0:
use brace-style regex delimiters
Fixed typo RecursiveIterator -> RecursiveIteratorIterator
[Cache] fix logic for fetching tag versions on TagAwareAdapter
[FrameworkBundle] Remove dead code
[FrameworkBundle] Use the correct service id for CachePoolPruneCommand in its compiler pass
Hide short exception trace by default
[Doctrine Bridge] fix priority for doctrine event listeners
[Validator] make phpdoc of ObjectInitializerInterface interface more accurate
[Validator] fixes phpdoc reference to an interface that was removed in Symfony 3.0
* 3.4:
use brace-style regex delimiters
Fixed typo RecursiveIterator -> RecursiveIteratorIterator
[Cache] fix logic for fetching tag versions on TagAwareAdapter
[FrameworkBundle] Use the correct service id for CachePoolPruneCommand in its compiler pass
Hide short exception trace by default
[Doctrine Bridge] fix priority for doctrine event listeners
[Validator] make phpdoc of ObjectInitializerInterface interface more accurate
[Validator] fixes phpdoc reference to an interface that was removed in Symfony 3.0
* 2.8:
use brace-style regex delimiters
Fixed typo RecursiveIterator -> RecursiveIteratorIterator
[Validator] make phpdoc of ObjectInitializerInterface interface more accurate
* 2.7:
use brace-style regex delimiters
Fixed typo RecursiveIterator -> RecursiveIteratorIterator
[Validator] make phpdoc of ObjectInitializerInterface interface more accurate
* 4.0:
PhpDoc: There is no attempt to create the directory
Avoiding an error when an unused service has a missing base class
Add an implementation just for php 7.0
bumped Symfony version to 2.7.47
Fix#27011: Session ini_set bug
[Cache] TagAwareAdapterInterface::invalidateTags() should commit deferred items
updated VERSION for 2.7.46
update CONTRIBUTORS for 2.7.46
updated CHANGELOG for 2.7.46
bug #25844 [HttpKernel] Catch HttpExceptions when templating is not installed
* 3.4:
PhpDoc: There is no attempt to create the directory
Avoiding an error when an unused service has a missing base class
Add an implementation just for php 7.0
bumped Symfony version to 2.7.47
Fix#27011: Session ini_set bug
[Cache] TagAwareAdapterInterface::invalidateTags() should commit deferred items
updated VERSION for 2.7.46
update CONTRIBUTORS for 2.7.46
updated CHANGELOG for 2.7.46
bug #25844 [HttpKernel] Catch HttpExceptions when templating is not installed
* 2.8:
bumped Symfony version to 2.7.47
Fix#27011: Session ini_set bug
updated VERSION for 2.7.46
update CONTRIBUTORS for 2.7.46
updated CHANGELOG for 2.7.46
* 2.7:
bumped Symfony version to 2.7.47
Fix#27011: Session ini_set bug
updated VERSION for 2.7.46
update CONTRIBUTORS for 2.7.46
updated CHANGELOG for 2.7.46
This PR was squashed before being merged into the 4.1-dev branch (closes#27019).
Discussion
----------
[HttpFoundation] Fixes to new HeaderUtils class
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
A follow-up to #24699 with a few code and documentation fixes for post-merge review comments by @stof.
Commits
-------
d7c3c79042 [HttpFoundation] Fixes to new HeaderUtils class
* 4.0: (22 commits)
[appveyor] use PHP 7.1 to run composer
[HttpKernel] Don't clean legacy containers that are still loaded
[VarDumper] Fix HtmlDumper classes match
Make the simple auth provider the same as in Symfony 2.7.
[PhpUnitBridge] silence wget
fix merge
[Security] guardAuthenticationProvider::authenticate cannot return null according to interface specification
[PhpUnitBridge] Fix#26994
[VarDumper] Remove decoration from actual output in tests
[PropertyInfo] Minor cleanup and perf improvement
[Bridge/Doctrine] fix count() notice on PHP 7.2
[Security] Skip user checks if not implementing UserInterface
[DI] Add check of internal type to ContainerBuilder::getReflectionClass
[HttpFoundation] Add HTTP_EARLY_HINTS const
[DoctrineBridge] Improve exception message at `IdReader::getIdValue()`
Add type hints
fixed CS
Use new PHP7.2 functions in hasColorSupport
[VarDumper] Fix dumping of SplObjectStorage
[HttpFoundation] Add functional tests for Response::sendHeaders()
...
* 3.4: (22 commits)
[appveyor] use PHP 7.1 to run composer
[HttpKernel] Don't clean legacy containers that are still loaded
[VarDumper] Fix HtmlDumper classes match
Make the simple auth provider the same as in Symfony 2.7.
[PhpUnitBridge] silence wget
fix merge
[Security] guardAuthenticationProvider::authenticate cannot return null according to interface specification
[PhpUnitBridge] Fix#26994
[VarDumper] Remove decoration from actual output in tests
[PropertyInfo] Minor cleanup and perf improvement
[Bridge/Doctrine] fix count() notice on PHP 7.2
[Security] Skip user checks if not implementing UserInterface
[DI] Add check of internal type to ContainerBuilder::getReflectionClass
[HttpFoundation] Add HTTP_EARLY_HINTS const
[DoctrineBridge] Improve exception message at `IdReader::getIdValue()`
Add type hints
fixed CS
Use new PHP7.2 functions in hasColorSupport
[VarDumper] Fix dumping of SplObjectStorage
[HttpFoundation] Add functional tests for Response::sendHeaders()
...
* 2.8:
[Security] guardAuthenticationProvider::authenticate cannot return null according to interface specification
[VarDumper] Remove decoration from actual output in tests
[PropertyInfo] Minor cleanup and perf improvement
[Bridge/Doctrine] fix count() notice on PHP 7.2
[Security] Skip user checks if not implementing UserInterface
[HttpFoundation] Add HTTP_EARLY_HINTS const
[DoctrineBridge] Improve exception message at `IdReader::getIdValue()`
fixed CS
Use new PHP7.2 functions in hasColorSupport
[VarDumper] Fix dumping of SplObjectStorage
Fixed being logged out on failed attempt in guard
* 2.7:
[VarDumper] Remove decoration from actual output in tests
[Bridge/Doctrine] fix count() notice on PHP 7.2
[Security] Skip user checks if not implementing UserInterface
[HttpFoundation] Add HTTP_EARLY_HINTS const
[DoctrineBridge] Improve exception message at `IdReader::getIdValue()`
fixed CS
Use new PHP7.2 functions in hasColorSupport
[VarDumper] Fix dumping of SplObjectStorage
This PR was merged into the 4.1-dev branch.
Discussion
----------
[HttpFoundation] Add HeaderUtils class
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In several places in HttpFoundation we parse HTTP header values using a variety of regular expressions. Some of them fail in various corner cases.
Parsing HTTP headers is not entirely trivial. We must be able to parse quoted strings with backslash escaping properly and ignore white-space in certain places.
In practice, our limitations in this respect may not be a big problem. We only care about a few different HTTP request headers, and they are usually restricted to a simple values without quoted strings etc. However, this is no excuse for not doing it right :-)
This PR introduces a new utility class for parsing headers. This allows Symfony itself and third-party code to parse HTTP headers in a robust way without using complex regular expressions that are difficult to write and error prone.
Commits
-------
b435e80cae [HttpFoundation] Add HeaderUtility class
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Send cookies using header() to fix "SameSite" ones
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25344
| License | MIT
| Doc PR | -
Commits
-------
73fec237da [HttpFoundation] Add functional tests for Response::sendHeaders()
e350ea000f [HttpFoundation] Send cookies using header() to fix "SameSite" ones
* 4.0:
Fix tests
PropertyInfo\DoctrineExtractor - There is bug when indexBy is meta key
Fix PercentType error rendering.
[minor] SCA
[Cache] Inline some hot function calls
fixed Silex project's URL
fixed deprecations in tests
fixed Twig URL
[Cache] Add missing `@internal` tag on ProxyTrait
fix formatting arguments in plaintext format
Fix PSR exception context key
Don't assume that file binary exists on *nix OS
Fix that ESI/SSI processing can turn a \"private\" response \"public\"
[Form] Fixed trimming choice values
fix rendering exception stack traces
[Routing] Fix loading multiple class annotations for invokable classes
* 3.4:
fixed deprecations in tests
fixed Twig URL
[Cache] Add missing `@internal` tag on ProxyTrait
fix formatting arguments in plaintext format
Fix PSR exception context key
Don't assume that file binary exists on *nix OS
Fix that ESI/SSI processing can turn a \"private\" response \"public\"
[Form] Fixed trimming choice values
fix rendering exception stack traces
[Routing] Fix loading multiple class annotations for invokable classes
* 2.8:
fixed Twig URL
Don't assume that file binary exists on *nix OS
Fix that ESI/SSI processing can turn a \"private\" response \"public\"
[Form] Fixed trimming choice values
* 2.7:
fixed Twig URL
Don't assume that file binary exists on *nix OS
Fix that ESI/SSI processing can turn a \"private\" response \"public\"
[Form] Fixed trimming choice values
This PR was merged into the 2.7 branch.
Discussion
----------
Don't assume that file binary exists on *nix OS
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Certain lightweight distributions such as Alpine Linux (popular for smaller Docker images) do not include it by default.
Commits
-------
e2c1f24fbd Don't assume that file binary exists on *nix OS
This PR was squashed before being merged into the 2.7 branch (closes#26643).
Discussion
----------
Fix that ESI/SSI processing can turn a "private" response "public"
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Under the condition that
* we are merging in at least one *embedded* response,
* all *embedded* responses are `public`,
* the *main* response is `private` and
* all responses use expiration-based caching (note: no `s-maxage` on the *main* response)
... the resulting response will turn to `Cache-Control: public`.
The real issue is that when all responses use expiration-based caching, a combined max age is computed. This is set on the *main* response using `Response::setSharedMaxAge()`, which implicitly sets `Cache-Control: public`.
The fix provided in this PR solves the problem by applying the same logic to the *main* response that is applied for *embedded* responses, namely that responses with `!Response::isCacheable()` will make the resulting response have `Cache-Control: private, no-cache, must-revalidate` and have `(s)max-age` removed.
This makes the change easy to understand, but makes responses uncacheable too often. This is because the `Response::isCacheable()` method was written to determine whether it is safe for a shared cache to keep the response, which is not the case as soon as a `private` response is involved. This might be improved upon in another PR.
Commits
-------
3d27b5946d Fix that ESI/SSI processing can turn a \"private\" response \"public\"
* 4.0:
[Yaml] Fix regression when trying to parse multiline
Add PHPDbg support to HTTP components
bumped Symfony version to 2.8.38
updated VERSION for 2.8.37
updated CHANGELOG for 2.8.37
bumped Symfony version to 2.7.45
updated VERSION for 2.7.44
update CONTRIBUTORS for 2.7.44
updated CHANGELOG for 2.7.44
Fix check of color support on Windows
* 3.4:
[Yaml] Fix regression when trying to parse multiline
Add PHPDbg support to HTTP components
bumped Symfony version to 2.8.38
updated VERSION for 2.8.37
updated CHANGELOG for 2.8.37
bumped Symfony version to 2.7.45
updated VERSION for 2.7.44
update CONTRIBUTORS for 2.7.44
updated CHANGELOG for 2.7.44
Fix check of color support on Windows
* 2.8:
Add PHPDbg support to HTTP components
bumped Symfony version to 2.8.38
updated VERSION for 2.8.37
updated CHANGELOG for 2.8.37
bumped Symfony version to 2.7.45
updated VERSION for 2.7.44
update CONTRIBUTORS for 2.7.44
updated CHANGELOG for 2.7.44
Fix check of color support on Windows