* 2.2:
Fix getPort() returning 80 instead of 443 when X-FORWARDED-PROTO is set to https
[Translation] fixed a unit test
Conflicts:
src/Symfony/Component/HttpFoundation/Request.php
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#7871).
Discussion
----------
Fix getPort() returning 80 instead of 443 when X-FORWARDED-PROTO is set to https
[HttpFoundation] fixed something
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7870
| License | MIT
| Doc PR |
Ensure that the getPort() method returns port 443 as default when
X-FORWARDED-PROTO is set to https. Currently it would return port 80
if X-FORWARDED-PROTO was set to https and X-FORWARDED-PORT was not
set by the trusted proxy.
Commits
-------
8554af3 Fix getPort() returning 80 instead of 443 when X-FORWARDED-PROTO is set to https
This PR was merged into the master branch.
Discussion
----------
[2.3] [Validator] added comparison constraints and validators
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
They work on a class level and you specify a list of properties. Included are the standard GreaterThan, GreaterThanOrEqual, LessThan, LessThanOrEqual and Equal. e.g.:
```php
<?php
/**
* @assert:GreaterThan({"diedDate", "bornDate"})
* @assert:LessThanOrEqual({"bornDate", "firstSchoolDayDate", "diedDate"})
*/
class Person
{
private $bornDate;
private $firstSchoolDayDate;
private $diedDate;
}
```
I think it would also be useful if they worked on a property level rather than just class. I'm not sure what the default option should be though. e.g. is there a reliable way to determine what's a raw value and what's a property name:
```php
<?php
/** @assert:GreaterThan(80) */
private $iq;
/** @assert:LessThan('dateDied') */
private $bornDate;
/** @assert:LessThanOrEqual('C') */
private $grade;
/** @assert:GreaterThanOrEqual({50, 'ageStartedSchool'}) */
private $age;
```
Commits
-------
0bffdff [Validator] Added comparison validators.
This PR was merged into the master branch.
Discussion
----------
[PropertyAccess] Made naming consistent with Form and Validator
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
8817e70 [PropertyAccess] Made naming consistent with Form and Validator
This PR was merged into the master branch.
Discussion
----------
[Form] *_SET_DATA events are now guaranteed to be fired *after* the initial children were added
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7873
| License | MIT
| Doc PR | -
Commits
-------
441222e [Form] *_SET_DATA events are now guaranteed to be fired *after* the initial children were added
This PR was merged into the master branch.
Discussion
----------
[Process] Add unit tests for #7865
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | |no
| Tests pass? | yes when 2.1 will be merged in master
| License | MIT
This PR adds test for #7865. It's currently failing, but will pass once 2.1 will be merged in master.
Commits
-------
421c354 [Process] Add unit tests for #7865
* 2.2:
[BrowserKit] fixed BC break done recently
[Process] Fix#5594 : `termsig` must be used instead of `stopsig` in exceptions when a process is signaled
[Console] find command even if its name is a namespace too (closes#7860)
Rename misprint property (from warmer to finder)
Reset all catalogues when adding resource to fallback locale (#7715, #7819)
Added reloading of fallback catalogues when calling addResource() (#7715)
Re-added context information to log list
Add This field is missing RU translation
Conflicts:
src/Symfony/Component/Console/Tests/ApplicationTest.php
* 2.1:
[BrowserKit] fixed BC break done recently
[Process] Fix#5594 : `termsig` must be used instead of `stopsig` in exceptions when a process is signaled
Rename misprint property (from warmer to finder)
Add This field is missing RU translation
Conflicts:
src/Symfony/Component/Process/Process.php
src/Symfony/Component/Validator/Resources/translations/validators.ru.xlf
This PR was merged into the 2.1 branch.
Discussion
----------
[BrowserKit] fixed BC break done recently
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR tries to avoid a BC break that was introduced recently in the management of cookies (see #7738).
see fabpot/Silex#684
Commits
-------
25b8b84 [BrowserKit] fixed BC break done recently
This PR was merged into the master branch.
Discussion
----------
Fix http-kernel dep in symfony/security
The current constraint will not match 2.3.x-dev and cause edge cases
where either:
* composer falls back to symfony/symfony because it cannot find a match
* composer installs 2.2 versions of http-kernel and http-foundation
Commits
-------
01016be Fix http-kernel dep in symfony/security
This PR was merged into the 2.1 branch.
Discussion
----------
[Process] Fix#5594 : `termsig` must be used instead of `stopsig` in exceptions when a process is signaled
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5594
| License | MIT
When a process is signaled, an exception is thrown saying `The process has been signaled with signal "0".`. This is wrong because "0" is not a signal.
This is actually a bug in `Process` because we retrieve the `stopsig` property of the process status whereas we should retrieve the `termsig`.
`stopsig` should be retrieved in case the process has been stopped, and `termsig` when it has been signaled, see [PHP documentation](http://www.php.net/manual/en/function.proc-get-status.php).
Commits
-------
8757ad4 [Process] Fix#5594 : `termsig` must be used instead of `stopsig` in exceptions when a process is signaled
This PR was merged into the master branch.
Discussion
----------
Added missing information to the UPGRADE-3.0 file and sorted its sections
Commits
-------
7e7e4c0 Added missing information to the UPGRADE-3.0 file and sorted its sections
This PR was merged into the master branch.
Discussion
----------
Place hasArgument() check at the beginning of getArgument() method
If input definition doesn't have specified argument, then unnecessary operations will be executed ($arguments = is_int($name) ? array_values($this->arguments) : $this->arguments;)
Commits
-------
992c218 Place hasArgument() check at the beginning of getArgument() method
This PR was merged into the master branch.
Discussion
----------
[Validator] Rename issn constraint message option.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Rename issn constraint message option to be consistent with all constraints having a single message option as suggested by @stof at a4abfb9550 (L0R23)
Commits
-------
57c724a [Validator] Rename issn constraint message option to be consistent with all constraints having a single message option
The current constraint will not match 2.3.x-dev and cause edge cases
where either:
* composer falls back to symfony/symfony because it cannot find a match
* composer installs 2.2 versions of http-kernel and http-foundation
This PR was merged into the 2.2 branch.
Discussion
----------
[Console] is not ambiguous anymore if it has a perfect match command name (closes#7860)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes, locally
| Fixed tickets | #7860
| License | MIT
| Doc PR | no
Commits
-------
be34917 [Console] find command even if its name is a namespace too (closes#7860)
If input definition doesn't have specified argument, then unnecessary operations will be executed ($arguments = is_int($name) ? array_values($this->arguments) : $this->arguments;)
This PR was merged into the master branch.
Discussion
----------
Profiler activation
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7064, #7071
| License | MIT
| Doc PR | symfony/symfony-docs#2565
As stated in #7071, there is no way to disable the profiler completely. Even when the `enabled` flag is set to `false`, the profiler is still registered but the data collectors are not activated.
Now, when `enabled` is `false`, the profiler is disabled. To get the old `false` behavior, you now need to set `enabled` to `true` and set the new `collect` flag to `false`.
Todo:
- [x] update docs
- [x] update Symfony SE -- not needed
Commits
-------
88ebd62 fixed the registration of the web profiler when the profiler is disabled
a11f901 [FrameworkBundle] added a way to disable the profiler
f675dd8 Truly disabled profiler in prod
Before:
enabled: true # the profiler is enabled and data are collected
enabled: false # the profiler is enabled but data are not collected (data can be collected on demand)
No way to disable the profiler
After:
enabled: true # the profiler is enabled and data are collected
collect: true
enabled: true # the profiler is enabled but data are not collected (data can be collected on demand)
collect: false
enabled: false # the profiler is disabled
This PR was merged into the master branch.
Discussion
----------
[2.3] [TwigBridge] save auto-escaping of generated URLs when possible
| Q | A
| ------------- | ---
| Bug fix? | [no]
| New feature? | [yes: optimization]
| BC breaks? | [no]
| Deprecations? | [no]
| Tests pass? | [yes]
| Fixed tickets | #7088
| License | MIT
| Doc PR | [-]
Determines at compile time whether the generated URL will be safe and thus
saving the unneeded automatic escaping for performance reasons.
The URL generation process percent encodes non-alphanumeric characters. So there is no risk
that malicious/invalid characters are part of the URL. The only character within an URL that
must be escaped in html is the ampersand ("&") which separates query params. So we cannot mark
the URL generation as always safe, but only when we are sure there won't be multiple query
params. This is the case when there are none or only one constant parameter given.
E.g. we know beforehand this will be safe:
- path('route')
- path('route', {'param': 'value'})
But the following may not:
- path('route', var)
- path('route', {'param': ['val1', 'val2'] }) // a sub-array
- path('route', {'param1': 'value1', 'param2': 'value2'})
If param1 and param2 reference placeholder in the route, it would still be safe. But we don't know.
Commits
-------
725568b [TwigBridge] added some unit test for the previous commit
0721ff8 save auto-escaping of generated URLs when possible for performance reasons
This PR was merged into the master branch.
Discussion
----------
[Security] Outsource all the BCrypt heavy lifting to a library
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| License | MIT
The [BCrypt bundle](https://github.com/elnur/ElnurBlowfishPasswordEncoderBundle) is already using the library.
This is a working implementation of #7247
Commits
-------
c83546d [Security] tweaked previous commit
b2e553a Outsource all the BCrypt heavy lifting to a library