This PR was merged into the 2.3 branch.
Discussion
----------
CS fixes for 2.3
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
To keep fabbot.io happy ;)
Commits
-------
464b67e fix CS
This PR was squashed before being merged into the 2.3 branch (closes#14738).
Discussion
----------
[HttpFoundation] Get response content as resource several times for PHP >= 5.6
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Since PHP 5.6, `php://input` can be opened several times.
Commits
-------
9f9b0f7 [HttpFoundation] Get response content as resource several times for PHP >= 5.6
- resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString
-resolved implicit magic methods calls
-resolved callable name case mismatches
This PR was squashed before being merged into the 2.3 branch (closes#14335).
Discussion
----------
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13617
| License | MIT
| Doc PR |
When the script filename is just /index.php, dirname() returns '/' for it. In Request::prepareBaseUrl() we append '/' to it (as introduced in #13039), which is wrong in this scenario as the resulting string is '//'.
When we rtrim('/') the output of dirname() then '/' would be constructed in this case, and in all other cases it makes no difference as dirname() already trims the right forward slash if there are path segments.
The test-cases should clarify the exact scenario.
Commits
-------
f24a6dd [HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
This PR was merged into the 2.3 branch.
Discussion
----------
[ServerBag] Handled bearer authorization header in REDIRECT_ form
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Apache rewrite module renames client request
header (`HTTP_`) by prepending `REDIRECT_` to
it. http basic authentication and http digest
authentication are properly processed in
REDIRECT_ form, while bearer is processed in
HTTP_ form, but dropped in REDIRECT_ form.
Example:
The following auth headers are handled in ServerBag,
```
HTTP_AUTHORIZATION => Basic aGVsbG86d29ybGQ=
REDIREDCT_HTTP_AUTHOIZATION => Basic aGVsbG86d29ybGQ=
HTTP_AUTHORIZATION => Digest blah
REDIRECT_HTTP_AUTHORIZATION => Digest blah
HTTP_AUTHORIZATION => Bearer mF_9.B5f-4.1JqM
```
while
```
REDIRECT_HTTP_AUTHORIZATION => Bearer mF_9.B5f-4.1JqM
```
is dropped.
Commits
-------
7b2e2df Handled bearer authorization header in REDIRECT_ form
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Pre incrementation/decrementation should be used if possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes provided by new fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1113
If this pr is merged I would change the level of the fixer to `symfony`.
Commits
-------
c5123d6 CS: Pre incrementation/decrementation should be used if possible
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Convert double quotes to single quotes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Changes generated automatically by upcoming PHP CS Fixer.
To keep fabbot.io happy ;)
Commits
-------
f99c22c CS: Convert double quotes to single quotes
Apache rewrite module renames client request
header (`HTTP_`) by prepending `REDIRECT_` to
it. http basic authentication and http digest
authentication are properly processed in
REDIRECT_ form, while bearer is processed in
HTTP_ form, but dropped in REDIRECT_ form.
This PR was squashed before being merged into the 2.3 branch (closes#13039).
Discussion
----------
[HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
Hi everyone!
We at trivago had an issue with the Request object. It seems that all versions of symfony 2.x and 3.x are affected from this (possible) bug (don't checked 1.x).
Here is the problem:
some old legacy pages are deployed in the Document Root, let's say /var/www/www.test.com/ .
one or more new applications based on symfony are deployed to /var/release/new_app1/ , /var/release/new_app2/ , ... .
in /var/www/www.test.com/ there is a symlink "app" to /var/release/new_app1/web, like:
/var/www/www.test.com/app --> /var/release/new_app1/web/
there is a "SEO"/human-readable rewrite rule for Document Root (if called path/file not exist): (.*) --> app/app.php
the problem comes, when the user calls a uri starting with "app" or whatever the rewrite rule / symlink points to:
the user calls "http://www.test.com/apparthotel-1234"
results in $_SERVER parameters like this
```
'DOCUMENT_ROOT' =>'/var/www/www.test.com',
'SCRIPT_FILENAME' => '/var/www/www.test.com/app/app.php',
'SCRIPT_NAME' => '/app/app.php',
'PHP_SELF' => '/app/app.php/apparthotel-1234'
```
in Request::prepareBaseUrl() there are checks to find the baseUrl:
```
if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, $baseUrl)) {
// full $baseUrl matches
return $prefix;
}
if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, dirname($baseUrl))) {
// directory portion of $baseUrl matches
return rtrim($prefix, '/');
}
```
first it is checked if (in our case) "/app/app.php" is in the request uri (/apparthotel-1234).
it's not.
then it takes the dirname (of /app/app.php) which is /app and checks if it is in the request uri (/apparthotel-1234), and YES, it is! and "/app" is returned, but this is wrong, it should be empty (because it comes from a rewrite rule from root: /)!
later in preparePathInfo(), if there is a baseUrl, then the baseUrl is removed from the request uri:
/apparthotel-1234 ---> /arthotel-1234
The cause is, the second baseUrl check, checks if the path of the application is already in the uri, like when the request was "http://www.test.com/app/apparthotel-1234" and hit a rewrite rule like (.*) --> app.php in there, but because it matches a directory it must match "dirname($baseUrl) . '/'".
I also needed to fix one unit test of the getBaseUrl test:
the request uri recently was "/foo%20bar".
but from the $_SERVER infos "foo bar" is a directory, see:
```
'SCRIPT_FILENAME' => '/home/John Doe/public_html/foo bar/app.php',
'SCRIPT_NAME' => '/foo bar/app.php',
'PHP_SELF' => '/foo bar/app.php',
```
webservers will redirect a request "http://www.test.com/foo%20bar" to "http://www.test.com/foo%20bar/" when "foo bar" is a directory. checked this for apache 2.x and nginx 1.4.x.
this fix is for symfony master (3.0.x, see #13039).
I also prepared a merge request for actual 2.7 branch, it will also follow in some minutes. (see #13040)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | this, #13040, #13038, #7329
| License | MIT
[HttpFoundation] [Request]
* added missing slash to baseUrl-path part check to remove the path, only when it's also a path in the uri
[HttpFoundation] [Tests] [RequestTest]
* fixed and added unittests
This is the symfony 2.3 branch fix for the issue related to #13038 and #13040
Happy christmas!
Commits
-------
3a3ecd3 [HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
PHPUnit ini_set wrapper is now used in tests to automatically reset
ini settings after the test is run. This avoids possible side effects
and test skipping.
Native ini_set is still used in DefaultCsrfProviderTest, but its
tests are run in isolation.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] for consistency, use value of DIRECTORY_SEPARATOR to detect Windows
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This commit unifies the detection of Windows builds across the Symfony
codebase.
Commits
-------
20a427d use value of DIRECTORY_SEPARATOR to detect Windows
This removes the unused use statements which were not catched by
PHP-CS-Fixer because of string occurences. It also fixes some invalid
phpdoc (scalar is not recognized as a valid type for instance).
This PR was merged into the 2.3 branch.
Discussion
----------
No global state for isolated tests and other fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
By default, phpunit preserves global state for isolated processes. This made the tests break on my laptop.
Other tweaks included.
In branch 2.5, `src/Symfony/Component/Security/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php` also misses the `@preserveGlobalState disabled` annotation. Please add it when merging
Commits
-------
750f3a6 No global state for isolated tests and other fixes
To let opcode caches optimize cached code, the `PHP_VERSION_ID`
constant is used to detect the current PHP version instead of calling
`version_compare()` with `PHP_VERSION`.