This PR was merged into the 2.1 branch.
Discussion
----------
[Validator] added missing estonian translation of messages
| Q | A
| ------------- | ---
| Fixed tickets | -
| License | MIT
Commits
-------
efff50a [Validator] added missing estonian translation of messages
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#7752).
Discussion
----------
Filesystem::touch() not working with different owners (utime/atime issue)
This PR was submitted on the symfony/Filesystem read-only repository and moved automatically to the main Symfony repository (closessymfony/Filesystem#3).
Case: I have 2 users, www-data and myself. I have a command script that makes a lock file in /var/lock/.../ something. This command is called from a post request by FOS and ran in the background. Whever one of the 2 methods (web/cli manually) is used, the other user won't have permissions to use the Filesystem::touch(). The reason this won't work is the second parameter.
What touch() does:
$touch param: The touch time. If time is not supplied, the current system time is used.
$atime param: If present, the access time of the given filename is set to the value of atime. Otherwise, it is set to the value passed to the time parameter. If neither are present, the current system time is used.
So the current code is basically copying this. However, if the second parameter is null it is still present and will cause the same problem. Note that all files and folders related are set to 0777 and have the owner of www-data. I'm accessing them under my own account here:
Interactive shell
php > var_dump(touch('/var/lock/tripolis/ontw/dev/2140191804.lock', null));
PHP Warning: touch(): Utime failed: Operation not permitted in php shell code on line 1
Warning: touch(): Utime failed: Operation not permitted in php shell code on line 1
bool(false)
php > var_dump(touch('/var/lock/tripolis/ontw/dev/2140191804.lock'));
bool(true)
If I were to pass it without second parameter, let it be time() or null (Filesystem uses time() by default if not present), it DOES work. However, Filesystem::touch() ALWAYS gives a parameter to touch. This parameter is exactly the same value as what the function itself would do in php. Let it be that in my case there is an issue with the atime. I'm not exactly sure how it works but it's not tracked or usable in my case. Because parameter 2 exists, parameter 3 is set. Parameter 3 is not allowed and therefore causes Filesystem::touch() to throw an exception.
Commits
-------
e3a0fe6 Filesystem::touch() not working with different owners (utime/atime issue)
This PR was merged into the 2.1 branch.
Discussion
----------
[BrowserKit] fixed detection of secure cookies received over https
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7666, #7738
| License | MIT
| Doc PR | N/A
As reported in symfony/symfony#7666, BrowserKit's cookie handling only recognises a secure cookie if the cookie option is set and the cookie was set over an https request. The client was not passing the url into the cookiejar update code, causing Cookie::isSecure() to always return false for every cookie.
I have corrected this behaviour and added an additional unit test to prove the bug and fix.
Commits
-------
36d057b [HttpFoundation][BrowserKit] fixed path when converting a cookie to a string
c884151 [BrowserKit] removed dead code
495d0e3 [HttpFoundation] fixed empty domain= in Cookie::__toString()
c2bc707 fixed detection of secure cookies received over https
BrowserKit's cookie handling only recognises a secure cookie if the
cookie option is set and the cookie was set over an https request.
The client was not passing the url into the cookiejar update code,
causing Cookie::isSecure() to always return false for every cookie.
Fixessymfony/symfony#7666
This PR was merged into the 2.1 branch.
Discussion
----------
[HttpFoundation] fixes creation of sub requests under IIS & Rewite Module
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6936, #6923
| License | MIT
| Doc PR | N/A
There are a few bugs to address.
1. `HTTP_X_ORIGINAL_URL` wasn't removed from the server parameters, so is picked back up [here](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/ServerBag.php#L33) upon recreation of a sub request.
2. When `X_ORIGINAL_URL` is passed in the headers by IIS, `IIS_WasUrlRewritten` and `UNENCODED_URL` can also be passed as server vars, so they must also be removed for sub request URI's to be resolved correctly.
Additionally, I have removed the OS check for windows, because it was only done for 2 out of 4 of the IIS specific checks, and it made the code untestable.
Also added tests for all scenarios as there were none.
Commits
-------
9fcd2f6 [HttpFoundation] fixed the creation of sub-requests under some circumstances for IIS
This PR was squashed before being merged into the 2.1 branch (closes#7698).
Discussion
----------
[Translator] added additional conversion for encodings other than utf-8
Added an additional conversion if there is another encoding in the
xlf file present. Values from simple_xml are always utf-8 encoded.
Also added some tests to verify this new behaviour.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Commits
-------
54bcf5c [Translator] added additional conversion for encodings other than utf-8
This PR was merged into the 2.1 branch.
Discussion
----------
[DependencyInjection] Fix a DI circular reference recognition bug
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets |
| License | MIT
| Doc PR |
plus add ability to detect deeper circular references eg: A -> B -> C -> B
Commits
-------
8a434ed fix a DI circular reference recognition bug
This PR was submitted for the 2.2 branch but it was merged into the 2.1 branch instead (closes#7690).
Discussion
----------
[Console] Fix default value handling for multi-value options
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7689
| License | MIT
The default value for array options will be an array, so it is not suitable to use as the default when processing one of many values for a multi-value option. Using null seems appropriate here, as it indicates the absence of a value and also converts nicely to an empty string (as opposed to an empty array).
Commits
-------
a9c28ff [Console] Fix default value handling for multi-value options
The default value for array options will be an array, so it is not suitable to use as the default when processing one of many values for a multi-value option. Using null seems appropriate here, as it indicates the absence of a value and also converts nicely to an empty string (as opposed to an empty array).
Fixes#7689
This PR was merged into the 2.1 branch.
Discussion
----------
Disabled APC on Travis for PHP 5.5+ as it is not available
As APC is not available, PHP triggers a warning when trying to load the extension, which lead to many test failures.
Commits
-------
6084176 Disabled APC on Travis for PHP 5.5+ as it is not available
This PR was merged into the 2.1 branch.
Discussion
----------
[HttpFoundation] do not use server variable PATH_INFO
because it is already decoded (see http://www.ietf.org/rfc/rfc3875) and thus symfony is fragile to double encoding of the path. This is not really a security issue (in contrast to a [previous problem](http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released)) but when using the apacherequest, one could access pages with double encoded characters although the path should not match.
BC break: no
tests pass: yes
Commits
-------
d552e4c [HttpFoundation] do not use server variable PATH_INFO because it is already decoded and thus symfony is fragile to double encoding of the path
This PR was merged into the 2.1 branch.
Discussion
----------
[HttpFoundation] Fixed bug in key searching for NamespacedAttributeBag
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7564
| License | MIT
| Doc PR | N/A
Fixed a bug in NamespacedAttributeBag causing a result to be falsely found when
the last key of the attribute matched the last of the queried name regardless of
if the key did not exist in the search.
Added Tests to demonstrate the issue and resolved by setting keys to null when
iterating through query and returning proper responses in the case that the
given array does in fact not exist.
Commits
-------
0f0c29c [HttpFoundation] Fixed bug in key searching for NamespacedAttributeBag
This PR was merged into the 2.1 branch.
Discussion
----------
[Routing][XML Loader] Add a possibility to set a default value to null
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/7335
| License | MIT
Example:
<route id="acme_user_show" pattern="/{id}">
<default key="_controller">AcmeUserBundle:User:show</default>
<default key="id" xsi:nil="true" />
</route>
Commits
-------
94a9cdc [Routing][XML Loader] Add a possibility to set a default value to null
This PR was merged into the 2.1 branch.
Discussion
----------
[Form] DateTimeToRfc3339Transformer use proper transformation exteption in reverse transformation
Handle _Exception_ throwed by DateTime constructor if an invalid date is passed.
Then throws proper transformation exception.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
7fc429f [Form] DateTimeToRfc3339Transformer use proper transformation exteption in reverse transformation
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#7624).
Discussion
----------
[FrameworkBundle] RegisterKernelListenersPass: Removed and replaced use of deprecated preg_match() /e modifier with regards to PHP 5.5
More information: https://wiki.php.net/rfc/remove_preg_replace_eval_modifier
As of beta 2 of PHP 5.5, the above is implemented. Attempting to run the current version of Symfony FrameworkBundle (or 2.1) will cause an `ErrorException`.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
c1e98b9 The /e modifier for preg_replace() is deprecated in PHP 5.5; replace with preg_replace_callback()
Fixed a bug in NamespacedAttributeBag causing a result to be falsely found when
the last key of the attribute matched the last of the queried name regardless of
if the key did not exist in the search.
Added Tests to demonstrate the issue and resolved by setting keys to null when
iterating through query and returning proper responses in the case that the
given array does in fact not exist.
* Updated Syntax of null checks
* Fixing missing else case for if statement in write context
This PR was merged into the 2.1 branch.
Discussion
----------
[HttpFoundation] getClientIp is fixed.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | no
The getClientIp now returns ip of the earliest server in a proxy chain when all the servers in the chain are trusted proxies. Before this patch the getClientIp used to return null at such condition.
Some appropriate tests are added.
Commits
-------
c4da2d9 [HttpFoundation] getClientIp is fixed.
This PR was submitted for the 2.2 branch but it was merged into the 2.1 branch instead (closes#7600).
Discussion
----------
[Templating] Update PhpEngine.php
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
just a minor phpdoc fix
Commits
-------
171b41f Update PhpEngine.php
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#7537).
Discussion
----------
#7531: [HttpKernel][Config] FileLocator adds NULL as global resource path
Fixed FileLocator in HttpKernel\Config package if global path ($path) is NULL (default).
Commits
-------
8a8239d #7531: [HttpKernel][Config] FileLocator adds NULL as global resource path
This PR was submitted for the 2.2 branch but it was merged into the 2.1 branch instead (closes#7589).
Discussion
----------
[2.2][Console] Fix autocompletion of command names when namespaces conflict
Fixes#7234
Currently autocompletion of namespaces works on *all* namespaces at once. This fixes it to only search inside subnamespaces once we matched the first level namespace. Otherwise if you have `api:doc` and `generate:doctrine:entity` commands, typing `gen:doc:entity` trips it up because it thinks "doc" is "api:doc", and you end up with a completed name of `generate:doc:entity` which does not match any command.
Commits
-------
fa465b1 [2.2][Console] Fix autocompletion of command names when namespaces conflict