* 2.8:
fixed obsolete getMock() usage
fixed obsolete getMock() usage
[WebProfilerBundle] Display multiple HTTP headers in WDT
do not remove the Twig ExceptionController service
removed obsolete condition
do not try to register incomplete definitions
* 2.8:
[DI] minor FileLoaders tests update
[HttpKernel] Revert BC breaking change of Request::isMethodSafe()
[DOMCrawler] Bug fixed
[Process] Do feat test before enabling TTY mode
bumped Symfony version to 2.8.15
updated VERSION for 2.8.14
updated CHANGELOG for 2.8.14
bumped Symfony version to 2.7.22
updated VERSION for 2.7.21
update CONTRIBUTORS for 2.7.21
updated CHANGELOG for 2.7.21
Fix annotation type for $context
[Doctrine][Form] support large integers
* 2.7:
[DI] minor FileLoaders tests update
[HttpKernel] Revert BC breaking change of Request::isMethodSafe()
[DOMCrawler] Bug fixed
[Process] Do feat test before enabling TTY mode
bumped Symfony version to 2.7.22
updated VERSION for 2.7.21
update CONTRIBUTORS for 2.7.21
updated CHANGELOG for 2.7.21
[Doctrine][Form] support large integers
* 2.8:
[Translation][fallback] add missing resources in parent catalogues.
removed a deprecation notice
[Form] Fix show float values as choices values in ChoiceType
Remove double use Statement
Improved the design of the metrics in the profiler
[Console] Fix infinite loop on missing input
[HttpFoundation][Session] memcached connection should not be closed
* 2.7:
[Translation][fallback] add missing resources in parent catalogues.
removed a deprecation notice
[Form] Fix show float values as choices values in ChoiceType
[HttpFoundation][Session] memcached connection should not be closed
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation][Session] Fix memcache session handler
| Q | A
| ------------- | ---
| Branch? | 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 3.0, 3.1, master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commit 0216e05605 removed the opening of connection to memcached server on call to `open()`, because it's assumed that connection is already opened. However, `close()` still closes the connection. As a result no more read/write calls can be made if session got closed, as the connection does not get reestablished.
Basically MemcacheSessionHandler should follow same logic as Memcache**d**SessionHandler, which is exactly what this MR acomplishes.
Commits
-------
0423d894 [HttpFoundation][Session] memcached connection should not be closed
* 2.8:
[DependencyInjection] Add missing PHPDoc type
Correct a typo in the ReflectionExtractor's description
[HttpFoundation] JSONP callback validation
[Console] Improved the explanation of the hasOption() method
Uniformize exception vars according to our CS
add missing use statement
bug #18042 [Security] $attributes can be anything, but RoleVoter assumes strings
* 2.7:
[HttpFoundation] JSONP callback validation
[Console] Improved the explanation of the hasOption() method
add missing use statement
bug #18042 [Security] $attributes can be anything, but RoleVoter assumes strings
* 2.8:
[VarDumper] Fix test
Revert "minor #20011 Use UUID for error codes for Form validator. (Koc)"
Use UUID for error codes for Form validator.
Use UUID for error codes for Form validator.
Fixed regression when exception message swallowed when logging it.
[HttpFoundation] Enable memcached tests with the latest memcached extension
* 2.7:
Revert "minor #20011 Use UUID for error codes for Form validator. (Koc)"
Use UUID for error codes for Form validator.
Fixed regression when exception message swallowed when logging it.
[HttpFoundation] Enable memcached tests with the latest memcached extension
* 2.8:
[travis] Use 7.0 until 7.1 is fixed
[DIC] Fix service autowiring inheritance
[SecurityBundle] Add missing deprecation notice for form_login.intention
Verify explicitly that the request IP is a valid IPv4 address
* 2.8:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
* 2.7:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
* 3.0:
[VarDumper] Fix dumping jsons casted as arrays
PassConfig::getMergePass is not an array
Revert "bug #19114 [HttpKernel] Dont close the reponse stream in debug (nicolas-grekas)"
Fix the retrieval of the last username when using forwarding
[Yaml] Fix PHPDoc of the Yaml class
[HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
Update getAbsoluteUri() for query string uris
Conflicts:
src/Symfony/Component/Yaml/Yaml.php
* 2.8:
[VarDumper] Fix dumping jsons casted as arrays
PassConfig::getMergePass is not an array
Revert "bug #19114 [HttpKernel] Dont close the reponse stream in debug (nicolas-grekas)"
Fix the retrieval of the last username when using forwarding
[Yaml] Fix PHPDoc of the Yaml class
[HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
Update getAbsoluteUri() for query string uris
* 2.7:
[VarDumper] Fix dumping jsons casted as arrays
PassConfig::getMergePass is not an array
Revert "bug #19114 [HttpKernel] Dont close the reponse stream in debug (nicolas-grekas)"
Fix the retrieval of the last username when using forwarding
[Yaml] Fix PHPDoc of the Yaml class
[HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
Update getAbsoluteUri() for query string uris
* 3.0:
[travis] Fix deps=low/high builds
fixed CS
skip test with current phpunit bridge
Fix for #19183 to add support for new PHP MongoDB extension in sessions.
[Console] Fix for block() padding formatting after #19189
[Security][Guard] check if session exist before using it
bumped Symfony version to 3.0.9
updated VERSION for 3.0.8
updated CHANGELOG for 3.0.8
bumped Symfony version to 2.8.9
updated VERSION for 2.8.8
updated CHANGELOG for 2.8.8
bumped Symfony version to 2.7.16
updated VERSION for 2.7.15
update CONTRIBUTORS for 2.7.15
updated CHANGELOG for 2.7.15
Fix some lowest deps
Fixed typos in the expectedException annotations
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php
* 2.8:
[travis] Fix deps=low/high builds
fixed CS
skip test with current phpunit bridge
Fix for #19183 to add support for new PHP MongoDB extension in sessions.
[Console] Fix for block() padding formatting after #19189
[Security][Guard] check if session exist before using it
bumped Symfony version to 2.8.9
updated VERSION for 2.8.8
updated CHANGELOG for 2.8.8
bumped Symfony version to 2.7.16
updated VERSION for 2.7.15
update CONTRIBUTORS for 2.7.15
updated CHANGELOG for 2.7.15
Fix some lowest deps
Fixed typos in the expectedException annotations
Conflicts:
CHANGELOG-2.7.md
CHANGELOG-3.0.md
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/HttpKernel/composer.json
src/Symfony/Component/Yaml/Tests/ParserTest.php
* 2.7:
[travis] Fix deps=low/high builds
fixed CS
Fix for #19183 to add support for new PHP MongoDB extension in sessions.
bumped Symfony version to 2.7.16
updated VERSION for 2.7.15
update CONTRIBUTORS for 2.7.15
updated CHANGELOG for 2.7.15
Fixed typos in the expectedException annotations
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
