This PR was squashed before being merged into the 2.3 branch (closes#14678).
Discussion
----------
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
`AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`.
* it would make `AbstractRememberMeServices::cookieDecode()` broken
* all current extending classes do it anyway (see #14670 )
* added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly
Commits
-------
464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Handle an array vary header in the http cache store
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12118
| License | MIT
| Doc PR | -
Commits
-------
5930800 [HttpKernel] Handle an array vary header in the http cache store
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#14513).
Discussion
----------
[console][formater] allow format toString object.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | ~
| Tests pass? | yes
| License | MIT
reported by @micayael ( https://twitter.com/juanardissone/status/593859683502325761 )
Commits
-------
70b4964 [console][formater] allow format toString object.
This PR was squashed before being merged into the 2.3 branch (closes#14335).
Discussion
----------
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13617
| License | MIT
| Doc PR |
When the script filename is just /index.php, dirname() returns '/' for it. In Request::prepareBaseUrl() we append '/' to it (as introduced in #13039), which is wrong in this scenario as the resulting string is '//'.
When we rtrim('/') the output of dirname() then '/' would be constructed in this case, and in all other cases it makes no difference as dirname() already trims the right forward slash if there are path segments.
The test-cases should clarify the exact scenario.
Commits
-------
f24a6dd [HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#14593).
Discussion
----------
[Security][Firewall] Avoid redirection to XHR URIs
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
If `security.firewalls.main.form_login.always_use_default_target_path` is false, an user could be redirected to an URL called by an AJAX request after the login.
Commits
-------
9ee74ea Avoid redirection to XHR URIs
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] Throw an exception if a form field path is incomplete
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11807
| License | MIT
| Doc PR | -
Commits
-------
991e65c [DomCrawler] Throw an exception if a form field path is incomplete.
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] Delete duplicate test in CommandTest
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
The __get method is not implemented in the Command class, and the deleted test was duplicated with the preceding one.
Commits
-------
4a4eda9 [Console] Delete duplicate test in CommandTest
This PR was merged into the 2.6 branch.
Discussion
----------
[2.6] Fix HTML escaping of to-source links
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14694
| License | MIT
| Doc PR | -
Commits
-------
eecd197 [2.6] Fix HTML escaping of to-source links
e9bb160 ExceptionHandler: More Encoding
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Fix HTML escaping of to-source links
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
385a6b7 Fix HTML escaping of to-source links
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#14690).
Discussion
----------
[HttpFoundation] IpUtils::checkIp4() should allow `/0` networks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14674
| License | MIT
Technically it's a breaking change, since the result of the
IpUtils::checkIp4('1.2.3.4', '0.0.0.0/0')
call was `false` now `true`.
Practically - no one should ever relied on this since it's simply wrong
Commits
-------
921ecff [HttpFoundation] IpUtils::checkIp4() should allow networks
This PR was merged into the 2.6 branch.
Discussion
----------
Fix the rendering of deprecation log messages
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14695
| License | MIT
| Doc PR | n/a
A Twig variable was removed by mistake in #14182
Commits
-------
8b6efff Fix the rendering of deprecation log messages
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#14681).
Discussion
----------
[FrameworkBundle] Removed unnecessary parameter in TemplateController
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | They should
| License | MIT
`Response::setPublic()` doesn't have any parameters, so this parameter call is not needed.
Commits
-------
7a4394e [FrameworkBundle] Removed unnecessary parameter in TemplateController
This PR was merged into the 2.6 branch.
Discussion
----------
Fixed the indentation in the compiled template for the DumpNode
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The Twig codebase is very careful at making compiled templates readable by formatting them properly. This fixes a case where Symfony does not respect this careful formatting (yes, I went debugging things into my compiled template today)
Commits
-------
9106ddb Fixed the indentation in the compiled template for the DumpNode
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#14262).
Discussion
----------
[TwigBundle] Refresh twig paths when resources change.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | ~
| Tests pass? | yes
| License | MIT
Commits
-------
cafb0d7 [TwigBundle] Refresh twig paths when resources change.
This PR was merged into the 2.3 branch.
Discussion
----------
[ServerBag] Handled bearer authorization header in REDIRECT_ form
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Apache rewrite module renames client request
header (`HTTP_`) by prepending `REDIRECT_` to
it. http basic authentication and http digest
authentication are properly processed in
REDIRECT_ form, while bearer is processed in
HTTP_ form, but dropped in REDIRECT_ form.
Example:
The following auth headers are handled in ServerBag,
```
HTTP_AUTHORIZATION => Basic aGVsbG86d29ybGQ=
REDIREDCT_HTTP_AUTHOIZATION => Basic aGVsbG86d29ybGQ=
HTTP_AUTHORIZATION => Digest blah
REDIRECT_HTTP_AUTHORIZATION => Digest blah
HTTP_AUTHORIZATION => Bearer mF_9.B5f-4.1JqM
```
while
```
REDIRECT_HTTP_AUTHORIZATION => Bearer mF_9.B5f-4.1JqM
```
is dropped.
Commits
-------
7b2e2df Handled bearer authorization header in REDIRECT_ form
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes#13637).
Discussion
----------
[CSS] WebProfiler break words
WebProfiler CSS word-break: break-all;
Do you need more description ?
Commits
-------
7259d72 WebProfiler break words
This PR was merged into the 2.3 branch.
Discussion
----------
[Framework] added test for router commands.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | ~
| Tests pass? | yes
| License | MIT
- [x] router:debug
- [x] router:match
Commits
-------
6d403a7 [Framework] added test for Router commands.
This PR was merged into the 2.6 branch.
Discussion
----------
[Console] Remove a useless assert in QuestionHelperTest
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This assert was pretty useless, as it is unreachable under expected circumstances, and does not bring anything to this test purpose otherwise.
Commits
-------
55b2361 [Console] Remove a useless assert in QuestionHelperTest
This PR was merged into the 2.3 branch.
Discussion
----------
[Security][Translation] fixes#14584
| Q | A
| ------------- | ---
| Fixed tickets | #14584
| License | MIT
Some french translations are wrong in the security component.
As #14587 has been closed here's my fix.
Commits
-------
34c780f [Security][Translation] fixes#14584
This PR was merged into the 2.6 branch.
Discussion
----------
[Bridge\Twig] Adding a space between the icon and the error message
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14557
| License | MIT
| Doc PR |
Commits
-------
d0f6342 [Form] Test for space in AbstractBootstrap3LayoutTest::testErrors
7a1fac2 Adding a space between the icon and the error message
* 2.3:
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php
src/Symfony/Component/HttpKernel/DataCollector/LoggerDataCollector.php
src/Symfony/Component/HttpKernel/HttpCache/EsiResponseCacheStrategy.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php