This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
This PR was merged into the 2.8 branch.
Discussion
----------
[Console] Fix formatting of SymfonyStyle::comment()
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19172
| License | MIT
| Doc PR | n/a
This:
```php
$io->comment('Lorem ipsum dolor sit amet, consectetur adipisicing elit, <comment>sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat </comment>cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.');
```
Before outputs:
![](http://image.prntscr.com/image/1d2ea9de42024b53a77120c482be51d4.png)
After:
![](http://image.prntscr.com/image/36de23ec14b64804b0cbae7a431185be.png)
This moves the lines-cutting logic from `block()` into a specific `createBlock`, used from both `comment()` and `block()`, sort as `comment()` can take messages containing nested tags and outputs a correctly formatted block without escaping tags.
Commits
-------
0a53e1d [Console] Fix formatting of SymfonyStyle::comment()
Remove decoration from frameworkbundle test (avoid testing the Console behaviour)
Set background to default
Test output
Adapt test for FrameworkBundle
Use Helper::strlenWithoutDecoration rather than Helper::strlen(strip_tags(..))
Improve logic for align all lines to the first in block()
Tests more block() possible outputs
Avoid calling Helper::strlenWithoutDecoration in loop for prefix, assign it instead
* 2.7:
[CS] Respect PSR2 4.2
[Form] fix `empty_data` option in expanded `ChoiceType`
[Console] removed unneeded private methods
sync min email validator version
[TwigBridge] Fix inconsistency in LintCommand help
explicitly forbid e-mail validator 2.0 or higher
Fixed SymfonyQuestionHelper multi-choice with defaults
[DoctrineBridge] Don't use object IDs in DoctrineChoiceLoader when passing a value closure
Differentiate between the first time a progress bar is displayed and subsequent times
finished previous commit
No more exception for malformed input name
fix post_max_size_message translation
[Process] Fix pipes cleaning on Windows
Avoid phpunit 5.4 warnings on getMock
[Form] Add exception to FormRenderer about non-unique block names
[Form] Consider a violation even if the form is not submitted
* 2.7:
fixed CS
tweaked default CS fixer config
[HttpKernel] Dont close the output stream in debug
move HttpKernel component to require section
Fixed oci and sqlsrv merge queries when emulation is disabled - fixes#17284
[Session] fix PDO transaction aborted under PostgreSQL
[Console] Use InputInterface inherited doc as possible
add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support
FormBuilderInterface: fix getForm() return type.
Fixed typo in PHPDoc
* 2.7:
[HttpFoundation] Use UPSERT for sessions stored in PgSql >= 9.5
[Console] fixed PHPDoc
[travis] HHVM 3.12 LTS
Fix feature detection for IE
[Form] Fixed collapsed choice attributes
[Console] added explanation of messages usage in a progress bar
force enabling the external XML entity loaders
[Yaml] properly count skipped comment lines
Conflicts:
src/Symfony/Component/Translation/Loader/XliffFileLoader.php
* 2.7:
[BrowserKit] Bump dom-crawler minimum version requirement
Make one call to "OutputInterface::write" method per table row
[HttpKernel] Fix context dependent test
[Debug] Fix context dependent test
* 2.7:
`@throws` annotations should go after `@return`
Fix merge
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
Conflicts:
src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php
src/Symfony/Component/Finder/Finder.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
src/Symfony/Component/Security/Acl/Domain/ObjectIdentity.php
src/Symfony/Component/Security/Acl/Model/AclInterface.php
src/Symfony/Component/Security/Acl/Model/MutableAclProviderInterface.php
src/Symfony/Component/Security/Acl/Permission/MaskBuilder.php
src/Symfony/Component/Translation/Loader/XliffFileLoader.php
src/Symfony/Component/Yaml/Tests/InlineTest.php
* 2.3:
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
* 2.7:
[Yaml] fix exception contexts
People - person singularization
[Yaml] properly handle unindented collections
[Serializer] Add test for ignored attributes during denormalization
chomp newlines only at the end of YAML documents
Fixed server status command when port has been omitted
Update UPGRADE FROM 2.x to 3.0
Catch \Throwable
Use levenshtein level for better Bundle matching
[WebProfilerBundle] Fix CORS ajax security issues
* 2.7:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
prevent calling get() for service_container service
call get() after the container was compiled
Fixed readme of OptionsResolver
[DependencyInjection] Suggest ExpressionLanguage in composer.json
* 2.7:
add @Event annotation for AuthenticationEvents
add @Event annotation for KernelEvents
bumped Symfony version to 2.7.13
updated VERSION for 2.7.12
update CONTRIBUTORS for 2.7.12
updated CHANGELOG for 2.7.12
bumped Symfony version to 2.3.41
updated VERSION for 2.3.40
update CONTRIBUTORS for 2.3.40
updated CHANGELOG for 2.3.40
Revert "minor #18257 [Routing] Don't needlessly execute strtr's as they are fairly expensive (arjenm)"
Revert "fixed CS"
[FrameworkBundle] Remove misleading comment
bug #17460 [DI] fix ambiguous services schema
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Remove misleading comment
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This is not true for service_container anymore.
Commits
-------
9f2f858 [FrameworkBundle] Remove misleading comment
* 2.7:
[HttpFoundation] Improve phpdoc
[Logging] Add support for firefox in ChromePhpHandler
Windows 10 version check in just one line
Detect CLI color support for Windows 10 build 10586
[Security] Fixed SwitchUserListener when exiting an impersonication with AnonymousToken
[EventDispatcher] Try first if the event is Stopped
[FrameworkBundle] fixes grammar in container:debug command manual.
[Form] fix "prototype" not required when parent form is not required
* 2.3:
Detect CLI color support for Windows 10 build 10586
[EventDispatcher] Try first if the event is Stopped
[FrameworkBundle] fixes grammar in container:debug command manual.
Conflicts:
src/Symfony/Component/EventDispatcher/EventDispatcher.php
src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php
* 2.7:
[travis] Disable hirak/prestissimo for deps=low/high tests
[HttpFoundation] fix phpdoc of UploadedFile
Lower complexity of Form:isValid()
skipped dns-sensitive tests when DnsMock is not found
[FrameworkBundle] Return the invokable service if its name is the class name
[ci] Skip dns-sensitive tests when DnsMock is not found
Exclude Bridge\PhpUnit from composer.json by default
fixed CS
Optimize ReplaceAliasByActualDefinitionPass
[Process] use __METHOD__ where applicable
[Routing] Don't needlessly execute strtr's as they are fairly expensive
* 2.7:
[ci] Get ICU/intl from github instead of nebm.ist.utl.pt/~glopes
[Debug] Fix case sensitivity checks
[Debug] Fix handling of php7 throwables
fix high deps tests
[Process] remove dead code
[WebProfilerBundle] Add missing use statement.
[ClassLoader] Fix storing not-found classes in APC cache
[Form] cs fixes in date types
[phpunit] disable prophecy
* 2.7:
Fix backport
[travis] Upgrade phpunit wrapper & hirak/prestissimo
[Bridge\PhpUnit] Workaround old phpunit bug, no colors in weak mode, add tests
[PropertyAccess] Fix isPropertyWritable not using the reflection cache
[PropertyAccess] Backport fixes from 2.7
[Validator] use correct term for a property in docblock (not "option")
[Routing] small refactoring for scheme requirement
[PropertyAccess] Remove most ref mismatches to improve perf
[Validator] EmailValidator cannot extract hostname if email contains multiple @ symbols
[NumberFormatter] Fix invalid numeric literal on PHP 7
[Process] fix docblock syntax
Use XML_ELEMENT_NODE in nodeType check
[PropertyAccess] Reduce overhead of UnexpectedTypeException tracking
[PropertyAccess] Throw an UnexpectedTypeException when the type do not match
[FrameworkBundle] Add tests for the Controller class
[FrameworkBundle] Add tests for the Controller class
[Process] getIncrementalOutput should work without calling getOutput
Conflicts:
src/Symfony/Bridge/PhpUnit/DeprecationErrorHandler.php
src/Symfony/Bridge/PhpUnit/TextUI/Command.php
src/Symfony/Bundle/FrameworkBundle/Tests/Controller/ControllerTest.php
* 2.3:
[Validator] use correct term for a property in docblock (not "option")
[PropertyAccess] Remove most ref mismatches to improve perf
[Validator] EmailValidator cannot extract hostname if email contains multiple @ symbols
[NumberFormatter] Fix invalid numeric literal on PHP 7
Use XML_ELEMENT_NODE in nodeType check
[PropertyAccess] Reduce overhead of UnexpectedTypeException tracking
[PropertyAccess] Throw an UnexpectedTypeException when the type do not match
[FrameworkBundle] Add tests for the Controller class
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/Controller/ControllerTest.php
src/Symfony/Component/Intl/NumberFormatter/NumberFormatter.php
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/PropertyAccess/PropertyAccessorInterface.php
src/Symfony/Component/PropertyAccess/PropertyPath.php
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorTest.php
src/Symfony/Component/Validator/Constraints/EmailValidator.php