This PR was squashed before being merged into the 2.7 branch (closes#21968).
Discussion
----------
Fixed pathinfo calculation for requests starting with a question mark.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21967
| License | MIT
| Doc PR |
With improper `strpos` result check calculated pathinfo for requests starting with '?' equals to request itself.
Correct pathinfo for those requests should be '/'.
Commits
-------
43297b45de Fixed pathinfo calculation for requests starting with a question mark.
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Fix Request::getHost() when having several hosts in X_FORWARDED_HOST
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The first "host" in the list provided by `X_FORWARDED_HOST` should be the one, not the last.
Already the case for "port" and "scheme".
Commits
-------
9a2b2de64f [HttpFoundation] Fix Request::getHost() when having several hosts in X_FORWARDED_HOST
This PR was squashed before being merged into the 2.7 branch (closes#20972).
Discussion
----------
[HttpFoundation] Improved set cookie header tests
| Q | A
| ------------- | ---
| Branch? | 2.7 (already in master)
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Separated from #20569
Commits
-------
05bce71d7a [HttpFoundation] Improved set cookie header tests
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation][Session] Fix memcache session handler
| Q | A
| ------------- | ---
| Branch? | 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 3.0, 3.1, master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commit 0216e05605 removed the opening of connection to memcached server on call to `open()`, because it's assumed that connection is already opened. However, `close()` still closes the connection. As a result no more read/write calls can be made if session got closed, as the connection does not get reestablished.
Basically MemcacheSessionHandler should follow same logic as Memcache**d**SessionHandler, which is exactly what this MR acomplishes.
Commits
-------
0423d894 [HttpFoundation][Session] memcached connection should not be closed
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
* 2.3:
[ci] use hirak/prestissimo
[Filesystem] Fix transient tests
[HttpFoundation] Avoid warnings when checking malicious IPs
[HttpFoundation] Set the Content-Range header if the requested Range is unsatisfied
Conflicts:
appveyor.yml
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Set the Content-Range header if the requested Range is unsatisfied
| Q | A
| ------------- | ---
| Branch | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This is a followup to https://github.com/symfony/symfony/pull/17150#issuecomment-174509954
[RFC2616](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) specifies the Content-Range header SHOULD be included with a *416 Requested Range Not Satisfiable* response:
> When this status code is returned for a byte-range request, the response SHOULD include a Content-Range entity-header field specifying the current length of the selected resource (see section 14.16). This response MUST NOT use the multipart/byteranges content- type.
[RFC 7233](https://tools.ietf.org/html/rfc7233#section-4.2) specifies what should be the header's value. It's in the "Request for comments" state, but it's the best definition I could find. This value is valid according to rfc2616 as well.
Commits
-------
54329d8 [HttpFoundation] Set the Content-Range header if the requested Range is unsatisfied
* 2.3:
[Finder] Partially revert #17134 to fix a regression
[HttpKernel] Fix mem usage when stripping the prod container
exception when registering bags for started sessions
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] exception when registering bags for started sessions
| Q | A
| ------------- | ---
| Branch | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10707, #16136
| License | MIT
| Doc PR |
Commits
-------
c4a5b67 exception when registering bags for started sessions
* 2.3:
[HttpFoundation] Fix transient test
[HttpFoundation] Add a dependency on the mbstring polyfill
add readme files where missing
Don't use reflections when possible
[Form] Update form tests after the ICU data update
[Intl] Update tests and the number formatter to match behaviour of the intl extension
[Intl] Update the ICU data to version 55
[Intl] Fix the update-data.php script in preparation for ICU 5.5
Use constant instead of function call.
fixed test name
automatically generate safe fallback filename
Conflicts:
src/Symfony/Component/Debug/Debug.php
src/Symfony/Component/HttpFoundation/composer.json
src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
* 2.3:
[DomCrawler] Dont use LIBXML_PARSEHUGE by default
[Filesystem] Reduce complexity of ->remove()
added tests for non-trusted proxies
add 'guid' to list of exception to filter out
Ensure backend slashes for symlinks on Windows systems
[Filesystem] Try to delete broken symlinks
* 2.3:
#17676 - making the proxy instantiation compatible with ProxyManager 2.x by detecting proxy features
Fix bug when using an private aliased factory service
ChoiceFormField of type "select" could be "disabled"
Update contributing docs
[Console] Fix escaping of trailing backslashes
Fix constraint validator alias being required
[ci] clone with depth=1 to kill push-forced PRs
Add check on If-Range header