Quoted from the ticket it solves for future reference:
"I've been having issues with using htdigest auth (requirement for me to
work with) after upgrading to 2.1. Each time a resource is loaded, a
prompt is given for the HTTP Auth username and password, and Chrome does
not automatically respond to these 401 responses with the credentials it
already has. I've traced the issue to being caused by the HttpFoundation
Component, specifically Request.php.
The request class adds the PHP_AUTH_USER/PHP_AUTH_PW parameters to the
request URI (changes http://www.mysite.com requests to
http://user:pw@www.mysite.com) in getSchemeAndHttpHost(). This behaviour
is not specified in the HTTP RFC, and is incompatible with Chrome as of
Chrome 19, IE (as of IE 9) and has special behaviour in Firefox (prompts
the user to confirm they know they're logging into the site, which is an
ambiguous behaviour at best, but at least it's something if they're
going to support it for now).
This functionality was added about to HttpFoundation about a year ago,
but it really should be removed and standard protocol practices should
be followed. This practice makes it possible for cross-site tracking and
other malicious behaviours to be performed by hiding information in the
authorization headers, which explains why most browsers no longer
support or take exception with it.
The offending line is specifically this. Replacing it with return
$this->getScheme().'://'.$this->getHttpHost(); seems to solve the
problem."
Commits
-------
589a8b3 composer is available in travis workers
Discussion
----------
composer is available in travis workers
---------------------------------------------------------------------------
by bamarni at 2012-09-19T09:07:30Z
reverted
---------------------------------------------------------------------------
by stof at 2012-09-19T09:59:21Z
btw, in the 2.1 branch, the ``COMPOSER_ROOT_VERSION`` varaible should be set to ``2.1.x-dev``
---------------------------------------------------------------------------
by bamarni at 2012-09-19T14:44:48Z
@stof: ok, btw I don't understand the issue, deps are solvable without this, is it a workaround to make this package known as 2.1 even though it's not guessable with the branch name (eg. when using a feature branch for a PR)? I thought this was handled by the branch-alias.
---------------------------------------------------------------------------
by stof at 2012-09-19T15:54:05Z
@bamarni It is solvable in some cases but not in all of them. Sometimes, when being in a detached head (which is the case when Travis builds PRs), the guessing of the composer root version does not work, and so symfony dev deps depending on some symfony components (Doctrine) will fail because the guessed version would not match ``2.*`` (which is the Doctrine requirement for the components).
branch aliases have nothing to do with the guessing of the version for the root package.
---------------------------------------------------------------------------
by stof at 2012-09-19T15:55:25Z
btw, the only cases where COMPOSER_ROOT_VERSION could be needed is when some of your dependencies have a requirement on your root package. Otherwise, the root version is never needed by composer to resolve deps
---------------------------------------------------------------------------
by bamarni at 2012-09-19T16:52:52Z
@stof: in detached head indeed the version can't be guessed with git, so this change avoid potential issues with reciprocal dependencies (I guess it can also be solved by specifying a "version" in composer.json).
But I still don't get why you say branch aliases have nothing to do with the root package version, isn't the purpose of a "2.1-dev" branch-alias to be matched when specifying this package as a dependency with 2.1.*, no matter the branch name or if git is in detached head?
---------------------------------------------------------------------------
by stof at 2012-09-19T18:59:13Z
@bamarni a **branch** alias is about the aliasing the version of a branch. Look at how it is written. It tells composer that for Symfony, the ``dev-master`` version (so the master branch) should receive an alias ``2.2.x-dev``.
This alias will never help you if your root version cannot be guessed as being ``dev-master``.
---------------------------------------------------------------------------
by bamarni at 2012-09-19T20:43:19Z
ahh... in my mind branch alias was only an alias for the current branch, I forgot that it was a 'branch => alias' map, indeed in that case it can't help at all.
thx for the explanations ;)
Commits
-------
bb0e4c3 Fixed FlashBagInterface phpdoc, clarified UPGRADE docs
Discussion
----------
Fixed FlashBagInterface phpdoc, clarified upgrade doc
The fact that multiple flash messages are now stored/retrieved per type was an additional BC break that I missed when I first went through the 2.1 update doc, and it didn't help that the phpdoc was outdated.
These changes just clarify things a little.
---------------------------------------------------------------------------
by drak at 2012-09-20T07:45:52Z
+1
Commits
-------
7bafc69 Add a Sigchild compatibility mode (set to false by default)
Discussion
----------
[2.1][Process] Fix stop in non-sigchild environments
Bug fix: yes
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT
Fix#5030 in half way.
- `proc_terminate` now sends the `SIGTERM` to the real process, not the sh (add the exec prefix to remove the wrapper as suggested by @schmittjoh). So now, process will stop, except if you're working with a PHP compiled with `--enable-sigchild`
- Add a Sigchild compatibility mode (activated only if PHP has been compiled with it)
This mode is required to use a hack to determine if the process finished with success when PHP has been compiled with the --enable-sigchild option
#5030 will be totally fixed in 2.2 with #5476 as it would allow to send a `SIGKILL` after timeout
---------------------------------------------------------------------------
by stof at 2012-09-18T21:19:50Z
This will also fix the error reported in Behat/MinkZombieDriver#10
The stop method was broken because of the sigchild workaround introduced in the latest 2.1-RC times
Commits
-------
1402b42 Fixing config normalisation example in docblock
Discussion
----------
Fixing config normalisation example in docblock
Against 2.0 this time
as per @stof's comments in symfony/symfony-docs#1721
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: -
Fixes the following tickets: -
Todo: -
License of the code: MIT
PHP Fatal error: Cannot access private property Symfony\Component\HttpFoundation\Tests\Session\Storage\Handler\MongoDbSessionHandlerTest::$options
in src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php on line 85
Commits
-------
71d8148 Create CONTRIBUTING.md file for auto-linking in PR's
Discussion
----------
Create CONTRIBUTING.md file for auto-linking in PR's
See: https://github.com/blog/1184-contributing-guidelines
---------------------------------------------------------------------------
by kbond at 2012-09-17T17:35:26Z
@jmikola won the race
---------------------------------------------------------------------------
by stof at 2012-09-17T17:37:35Z
and this should be updated according to the discussion on the dev mailing-list
---------------------------------------------------------------------------
by fabpot at 2012-09-17T17:42:28Z
Instead of duplicating the information, I would just linked to the documentation.
---------------------------------------------------------------------------
by jmikola at 2012-09-17T18:42:29Z
I reduced the file to the "Contributing" block from the readme.
---------------------------------------------------------------------------
by lsmith77 at 2012-09-17T19:36:36Z
+1
Commits
-------
de6658b [Profiler]Use the abstract method to get client IP
Discussion
----------
[Profiler]Use the abstract method to get client IP
---------------------------------------------------------------------------
by armetiz at 2012-09-17T13:37:19Z
This PR is also done for master branch : https://github.com/symfony/symfony/pull/5527
Commits
-------
2bcb6f2 Fixing incorrect word in twig:lint command description
Discussion
----------
[TwigBundle} Fixing incorrect word in twig:lint command description
Commits
-------
c2f8563 Rename $key parameter to $name for consistency
Discussion
----------
[DependencyInjection] Rename $key parameter to $name for consistency
When I worked on #5478, I noticed an inconsistency in parameter naming in the ```ParameterBag#remove``` method. This PR brings things in line with the rest of the class.
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT
Commits
-------
690e28e Convert parameter name to lowercase when removing an element from ParameterBag
Discussion
----------
[DependencyInjection] Convert parameter name to lowercase when removing an element from ParameterBag
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #5477
License of the code: MIT
---------------------------------------------------------------------------
by sstok at 2012-09-10T08:42:30Z
👍
---------------------------------------------------------------------------
by fabpot at 2012-09-10T09:28:16Z
Shouldn't it be done on the 2.0 branch?
---------------------------------------------------------------------------
by stloyd at 2012-09-10T09:29:35Z
@fabpot AFAIK `2.0` don't have `ParameterBag#remove()` method
---------------------------------------------------------------------------
by aderuwe at 2012-09-10T09:29:52Z
The remove method is not present in 2.0.
On Mon, Sep 10, 2012 at 11:28 AM, Fabien Potencier <notifications@github.com
> wrote:
> Shouldn't it be done on the 2.0 branch?
>
> —
> Reply to this email directly or view it on GitHub<https://github.com/symfony/symfony/pull/5478#issuecomment-8418300>.
>
>
Commits
-------
05f7f78 Fixed the phpdoc in the DependencyInjection component
Discussion
----------
Fixed the phpdoc in the DependencyInjection component
I was sick of having a warning in my IDE each time I used DefinitionDecorator because of an invalid phpdoc in the constructor, so I took some time and fixed it in the whole DI component.
---------------------------------------------------------------------------
by stof at 2012-09-07T23:09:04Z
The travis failure is unrelated. It is all about some intl failures.
---------------------------------------------------------------------------
by eventhorizonpl at 2012-09-07T23:37:04Z
Reviewed-by: Michal Piotrowski <michal@eventhorizon.pl>
---------------------------------------------------------------------------
by pborreli at 2012-09-08T01:42:26Z
👍
Commits
-------
1b5ad17 Revert "Removed MySQL-exclusive usage of unsigned integer from table creation"
Discussion
----------
[Security][DBAL] Revert MySQL unsigned removal
Revert "Removed MySQL-exclusive usage of unsigned integer from table creation"
This reverts commit 57694aaa94.
The problem is underlying in Doctrine DBAL change tracking and should
either be fixed or ignored there.
I opened a ticket on Doctrine Jira http://doctrine-project.org/jira/browse/DBAL-322
---------------------------------------------------------------------------
by fabpot at 2012-08-14T06:40:47Z
I will merge this PR after we have a release of DBAL that includes the fix for DBAL-322.
---------------------------------------------------------------------------
by acasademont at 2012-08-20T08:01:48Z
This was already fixed 2 weeks ago in doctrine/dbal#183 so i guess this can be closed
---------------------------------------------------------------------------
by acasademont at 2012-08-20T08:02:06Z
merged i mean
Commits
-------
3036b00 JsonResponseTest
Discussion
----------
JsonResponseTest
Hi,
This patch adds some tests for JsonResponse.
Best regards,
Michal
---------------------------------------------------------------------------
by eventhorizonpl at 2012-09-01T07:09:12Z
Done. Thanks for the review!
Commits
-------
8a3c8c9 load test
Discussion
----------
load test
Hi,
This patch add test that covers this situation
public static function load($classes, $cacheDir, $name, $autoReload, $adaptive = false, $extension = '.php')
{
// each $name can only be loaded once per PHP process
if (isset(self::$loaded[$name])) {
return;
}
Best regards,
Michal