* 4.4:
[Form][Validator][Intl] Fix tests
[Messenger] return empty envelopes when RetryableException occurs
[Intl] Excludes locale from language codes (split localized language names)
[FrameworkBundle] WebTestCase KernelBrowser::getContainer null return type
[Intl] Fix compile type errors
[Validator] Accept underscores in the URL validator as the URL will resolve correctly
[Translation] Collect original locale in case of fallback translation
Add types to constructors and private/final/internal methods (Batch I)
[HttpFoundation] optimize normalization of headers
Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR
[ErrorHandler] Forward \Throwable
Fix toolbar load when GET params are present in "_wdt" route
This PR was merged into the 4.4 branch.
Discussion
----------
[Http][DI] Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR |
Currently handling trusted ips when deploying behind some CDNs/Load balancers such as ELB is difficult because they dont have a constant IP address, its possible to overcome this as is suggested by the docs - https://symfony.com/doc/current/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly - by settings trusted proxies to `$request->server->get('REMOTE_ADDR')` - but this has to be done in code, and so becomes dangerous if you code is deployed in different environments.
This change would allow the developer to stick to providing the envvar `TRUSTED_PROXIES`, and in the environment behind a ELB set the value to the literal string `REMOTE_ADDR`, and have it replaced at run time. This way in environments that are not using ELB his app is kept safe.
I think doing this replacement in `Request:: setTrustedProxies` is the best place because it means this feature isn't exposed to other parts of the code that might call `Request::getTrustedProxies`.
Commits
-------
643c9ff257 Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR
* 4.4: (21 commits)
[appveyor] exclude tty group
[HttpFoundation] Add types to private/final/internal methods and constructors.
Add types to private/final/internal methods and constructors.
SCA: minor code tweaks
Tweak output
[FrameworkBundle] Added --sort option for TranslationUpdateCommand
[HttpClient] fallbackto CURLMOPT_MAXCONNECTS when CURLMOPT_MAX_HOST_CONNECTIONS is not available
[DI] generate preload.php file for PHP 7.4 in cache folder
Allow version 2 of the contracts package.
[Serializer] Allow multi-dimenstion object array in AbstractObjectNormalizer
fixed typo
[HttpKernel] Fix Apache mod_expires Session Cache-Control issue
deprecated not passing dash symbol (-) to STDIN commands
[VarDumper] display ellipsed FQCN for nested classes
[VarDumper] Display fully qualified title
[Mailer] Change the syntax for DSNs using failover or roundrobin
Removed workaround introduced in 4.3
[Console] Added support for definition list
[OptionsResolver] Display full nested options hierarchy in exceptions
New welcome page
...
* 4.4:
Improve some URLs
cleanup remaining param and internal Intl FulLTransformer
[HttpClient] fix data loss when streaming as a PHP resource
Fix test compatibility with 4.x components
[Cache] cs fix
This PR was squashed before being merged into the 3.4 branch (closes#32800).
Discussion
----------
Improve some URLs
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
fab17a4487 Improve some URLs
* 4.4:
fix case
[Messenger] Removed named parameters and replaced with `?` placeholders for sqlsrv compatibility
[FrameworkBundle] Detect indirect env vars in routing
[Form] type cannot be a FormTypeInterface anymore
[HttpClient] use "idle" instead of "inactivity" when telling about the timeout option
Create mailBody with only attachments part present
Remove calls to deprecated function assertAttributeX
[PhpUnitBridge] make the bridge act as a polyfill for newest PHPUnit features
[Intl] Order alpha2 to alpha3 mapping
[Routing] added a warning about the getRouteCollection() method
Allow sutFqcnResolver to return array
[Messenger] Fix incompatibility with FrameworkBundle <4.3.1
Created alias to FlattenException to avoid BC break
[Ldap] Add security LdapUser and provider
[HttpFoundation] Revert getClientIp @return docblock
* 4.3:
[FrameworkBundle] Detect indirect env vars in routing
Remove calls to deprecated function assertAttributeX
[Intl] Order alpha2 to alpha3 mapping
[Routing] added a warning about the getRouteCollection() method
Allow sutFqcnResolver to return array
[HttpFoundation] Revert getClientIp @return docblock
* 3.4:
[FrameworkBundle] Detect indirect env vars in routing
Remove calls to deprecated function assertAttributeX
[Intl] Order alpha2 to alpha3 mapping
[Routing] added a warning about the getRouteCollection() method
Allow sutFqcnResolver to return array
[HttpFoundation] Revert getClientIp @return docblock
* 4.4: (53 commits)
Fix Twig 1.x compatibility
Deprecating templateExists method
[Translator] Improve farsi(persian) translations for Form
[Validator] Fix Changelog for #31511
[Lock][Console] bump lock requirement in console
[Lock] minor: add missing alias for PersistenStoreInterface
Improve fa translations
Dynamic bundle assets
[Lock] rename and deprecate Factory into LockFactory
[Debug] Restoring back the state of the Debug component (1st step)
Spell "triggering" properly
[Lock] Fix tests
Added tests to cover the possibility of having scalars as services.
fixed CS
[Lock] Split \"StoreInterface\" into multiple interfaces with less responsability
[VarDumper] Let browsers trigger their own search on double CMD/CTRL + F hit
[Validator] Allow to use property paths to get limits in range constraint
Fix missing deprecations
fixed tests on old PHP versions
[FrameworkBundle] Inform the user when save_path will be ignored
...
* 4.3: (26 commits)
Fix Twig 1.x compatibility
[Translator] Improve farsi(persian) translations for Form
Improve fa translations
Spell "triggering" properly
Added tests to cover the possibility of having scalars as services.
fixed tests on old PHP versions
[FrameworkBundle] Inform the user when save_path will be ignored
fixed CS
[SecurityBundle] Fix profiler dump for non-invokable security listeners
fixed CS
[Messenger] Doctrine Transport: Support setting auto_setup from DSN
[Translator] Load plurals from po files properly
[Serializer]: AbstractObjectNormalizer ignores the property types of discriminated classes
[EventDispatcher] Add tag kernel.rest on 'debug.event_dispatcher' service
[Console] Update to inherit and add licence
Add missing test for workflow dump description
[Intl] Remove --dev from intl compile autoloader
[Messenger] fix publishing headers set on AmqpStamp
Remove call to deprecated method
[Intl] Init compile tmp volume
...
* 3.4:
Fix Twig 1.x compatibility
[Translator] Improve farsi(persian) translations for Form
Improve fa translations
Added tests to cover the possibility of having scalars as services.
fixed tests on old PHP versions
[FrameworkBundle] Inform the user when save_path will be ignored
fixed CS
[Translator] Load plurals from po files properly
[EventDispatcher] Add tag kernel.rest on 'debug.event_dispatcher' service
[Console] Update to inherit and add licence
[Intl] Remove --dev from intl compile autoloader
[Intl] Init compile tmp volume
PHP 5 compat
Add test case
Update Request.php
Don't assume port 0 for X-Forwarded-Port
Load plurals from mo files properly
* 4.4: (33 commits)
[DI] fix processing of regular parameter bags by MergeExtensionConfigurationPass
[FrameworkBundle] reset cache pools between requests
[HttpFoundation] Accept must take the lead for Request::getPreferredFormat()
[FrameworkBundle] Allow to use the BrowserKit assertions with Panther and API Platform's test client
Use ConnectionRegistry instead of RegistryInterface.
Fixes windows error
Improving the request/response format autodetection
[Messager] Simplified MessageBus::__construct()
[WIP][Mailer] Overwrite envelope sender and recipients from config
[Messenger] Added more test for MessageBus
[Mime] Updated some PHPDoc contents
[PropertyAccess] Adds entries to CHANGELOG and UPGRADE
fixed typo
[FrameworkBundle] Simplified some code in the DI configuration
[Filesystem] added missing deprecations to UPGRADE-4.3.md
[Filesystem] depreacte calling isAbsolutePath with a null
Fix authentication for redis transport
only decorate when an event dispatcher was passed
[Messenger] Added support for auto trimming of redis streams
[FrmaeworkBundle] More simplifications in the DI configuration
...
* 3.4:
Make translations consistent with other translations.
Correct language code for ukrainian language in security translations.
Fix return type of Request::getRequestFormat
[Cache] Fix perf when using RedisCluster by reducing roundtrips to the servers
* 3.4: (24 commits)
Apply php-cs-fixer rule for array_key_exists()
[Security] Change FormAuthenticator if condition
handles multi-byte characters in autocomplete
speed up tests running them without debug flag
[Translations] added missing Croatian validators
Fix getItems() performance issue with RedisCluster (php-redis)
[VarDumper] Keep a ref to objects to ensure their handle cannot be reused while cloning
IntegerType: reject submitted non-integer numbers
be keen to newcomers
[HttpKernel] Fix possible infinite loop of exceptions
fixed CS
[Validator] Added missing translations for Afrikaans
do not validate non-submitted form fields in PATCH requests
Update usage example in ArrayInput doc block.
[Console] Prevent ArgvInput::getFirstArgument() from returning an option value
[Validator] Fixed duplicate UUID
fixed CS
[EventDispatcher] Fix unknown priority
Avoid mutating the Finder when building the iterator
[Validator] Add the missing translations for the Greek (el) locale
...