This PR was submitted for the master branch but it was merged into the 2.4 branch instead (closes#11278).
Discussion
----------
Remove Spaceless Blocks From Twig Templates
Leaving it in can only mangle values from data bound to the form.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11277
| License | MIT
| Doc PR |
The tests pass here, but it doesn't seem like any tests really cover the actual rendering.
Commits
-------
793a083 Remove Spaceless Blocks From Twig Templates
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fix to prevent magic bytes injection in JSONP responses... (CVE-2014-4671)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no*
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
| CVE Ticket | [CVE-2014-4671](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4671)
| See Also | [Rosetta Flash](http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/)
\* Unless you are parsing the response string manually, which you really shouldn't do anyway
**THIS IS A SECURITY FIX AND SHOULD BE MERGED SHORTLY**
This fix prevents attacks vectors where third-party browser plugins depends on ASCII magic bytes in order to execute a plugin. This is currently exploited with Flash using a carefully crafted JSONP response, allowing the execution of random SWF data from a domain with a vulnerable JSONP endpoint.
This security issue is mitigated by adding an empty comment right before the callback parameter. This does not affect the execution of the JSONP callback.
Commits
-------
6af3d05 [HttpFoundation] Fix to prevent magic bytes injection in JSONP responses (Prevents CVE-2014-4671)
This PR was squashed before being merged into the 2.5 branch (closes#11284).
Discussion
----------
[Console] Remove estimated field from debug_nomax
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11281
| License | MIT
| Doc PR |
Commits
-------
2ac1bb4 [Console] Remove estimated field from debug_nomax
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Validator] Fix UserPassword validator translation
| Q | A
| ------------- | ---
| Fixed tickets | None
| License | MIT
Fixes the UserPassword translation message only for 2.3 as discussed in symfony/symfony#11383.
Commits
-------
73d50ed Fix UserPassword validator translation
This PR was merged into the 2.3 branch.
Discussion
----------
Remove Spaceless Blocks from Twig Form Templates
In favor of using Twig's whitespace control operators. See #11277
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11277
| License | MIT
| Doc PR |
Per @fabpot and @stof's requests in #11278, this is a PR for the 2.3 branch.
Commits
-------
8f9ed3e Remove Spaceless Blocks from Twig Form Templates
This PR was merged into the 2.6-dev branch.
Discussion
----------
Allow xdebug.file_link_format from php ini to work when xdebug extension is not loaded
Q | A
----------------- | ---------------
Bug fix? | yes
New feature? | no
BC breaks? | no
Deprecations? | no
Tests pass? | yes
Fixed tickets | #11081
License | MIT
Doc PR | N/A
Complete the PR https://github.com/symfony/symfony/pull/11081
Commits
-------
8b2397c Applyied code review
97e07d5 Check for xdebug link format via both ini_get and get_cfg_var
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][HttpFoundation] Fix wrong assertion in Response test
| Q | A
| ------------- | ---
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Tests pass? | yes
| License | MIT
Commits
-------
3d63f80 [HttpFoundation] Fix wrong assertion in Response test
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#9719).
Discussion
----------
[TwigBundle] fix configuration tree for paths
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8171
| License | MIT
| Doc PR | na
This is a joint effort with @mdavis1982 and @cordoval 👶 pairing up and warming for hacking day in Warsaw
Commits
-------
9aa88e4 added regression test
4201d41 fix issue #8171 on configuration tree for twig extension -- pairing up with @cordoval
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Form] Cleanup & fix phpdocs
| Q | A
| ------------- | ---
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Tests pass? | yes
| License | MIT
This PR was done mostly cause of reports about invalid/not supported types/variables in phpstorm/scrutinizer-ci, and after I started fixing I noticed more problems in those phpdocs so I have cleanedup them a bit.
Commits
-------
a67bc76 [2.3][Form] Cleanup & fix phpdocs
This PR was squashed before being merged into the 2.6-dev branch (closes#10960).
Discussion
----------
[Filesystem] Throw Exception on copying from an unreadable file or to an unwritable file
| Q | A |
| ------------- | ------------- |
| Bug fix? | No |
| New feature? | No |
| BC breaks? | No |
| Deprecations? | No |
| Tests pass? | Yes |
| Fixed tickets | |
| License | MIT |
In certain circumstances (overwrite set to true, target file not writable), Filesystem->copy() would return success even though the file was not successfully copied. Unit tests included.
Commits
-------
cd5da9b [Filesystem] Throw Exception on copying from an unreadable file or to an unwritable file
This PR was merged into the 2.4 branch.
Discussion
----------
Added verbosity methods to NullOutput
These 4 methods were not added to the OutputInterface because of BC, but they should still be implemented in all classes which implement that interface. Otherwise we have to do nasty tricks...
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
0459249 Added verbosity methods
This PR was merged into the 2.6-dev branch.
Discussion
----------
[HttpFoundation] Added a switch to delete file after the response is send
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | symfony/symfony-docs#3975
I have not done any Unit Tests for this code as I suspect there may already be a way to solve my problem of deleting a file after the request was sent. Is it possible to use `sendContent` and delete the file after that? My attempts were unsuccessful.
If this code is desirable, please assist me in how I would write an unit test for this. Thanks.
TODO:
- [x] Add unit tests
- [x] Update documentation
- [x] Mention that using `X-Sendfile` will overwrite deleteFileAfterSend
Commits
-------
1fff158 [HttpFoundation] Added a switch to delete file after the response is send
* 2.5:
added missing test
fixed CS
[HttpFoundation] Remove content-related headers if content is empty
bumped Symfony version to 2.5.2
bumped Symfony version to 2.4.8
updated VERSION for 2.5.1
updated CHANGELOG for 2.5.1
removed defaults from PHPUnit configuration
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.4:
added missing test
fixed CS
[HttpFoundation] Remove content-related headers if content is empty
bumped Symfony version to 2.4.8
removed defaults from PHPUnit configuration
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#11244).
Discussion
----------
[HttpFoundation] Remove body-related headers when sending the response, if body is empty
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I've updated the implementation for informational and 204 or 304 responses. They will now, as they have no content, not return headers like `content-type` or `content-length`.
I'm unsure about `content-length` - we could also set it hardcoded to zero ... but I thought, that (because the specs say that it just can't have a response-body) the system should not return anything here.
Commits
-------
9dbe89d [HttpFoundation] Remove content-related headers if content is empty
This PR was merged into the 2.6-dev branch.
Discussion
----------
[FrameworkBundle] Improving bad bundle exception in _controller
...ntroller in a routeHi guys!
This improves the exception message when you use a bad bundle name in the `_controller` syntax in a routing file. Here is the before and after of the message with this mistake (real bundle is `KnpUniversityBundle`):
```yaml
some_route:
pattern: /
defaults: { _controller: "Knp2UniversityBundle:Course:index" }
```
Notice the before and after behavior is the same `InvalidArgumentException` (just a different message).
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Catching the plain `InvalidArgumentException` from `Kernel::getBundles()` seems a bit "loose". Should we consider creating a new exception (e.g. `BundleDoesNotExistException`) that extends `InvalidArgumentException` and throw it from inside `Kernel::getBundles`? This would allow us to catch more precisely, and it seems like it would be BC.
Suggestions and thoughts warmly welcome!
Thanks!
Commits
-------
f9b88c6 Improving the exception message when the bundle name is wrong for the controller in a route
This PR was merged into the 2.6-dev branch.
Discussion
----------
[FrameworkBundle] Use ProcessHelper for server:run command
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
Let's use our new process helper :)
Commits
-------
6ca1c90 [FrameworkBundle] Use ProcessHelper for server:run command
a5f36a8 [Console] Add threshold for ProcessHelper verbosity
This PR was merged into the 2.3 branch.
Discussion
----------
remove defaults from PHPUnit configuration
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | --
| License | MIT
| Doc PR | --
Follow-up to #11329.
Commits
-------
afc4930 removed defaults from PHPUnit configuration
