This PR was squashed before being merged into the 2.3 branch (closes#14206).
Discussion
----------
[2.3] SCA for Components - reference mismatches
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with Php Inspections (EA Extended), no functional changes:
- worked out some of reference mismatches
Commits
-------
f732659 [2.3] SCA for Components - reference mismatches
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Unary operators should be placed adjacent to their operands
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Update before upcoming changes on PHP CS Fixer 1.7
To keep fabbot.io happy ;)
Commits
-------
2367f4a CS: Unary operators should be placed adjacent to their operands
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Convert double quotes to single quotes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Changes generated automatically by upcoming PHP CS Fixer.
To keep fabbot.io happy ;)
Commits
-------
f99c22c CS: Convert double quotes to single quotes
Reduce couple count calls in [Yaml]
Modernize type casting, fix several strict comparisons
Unsets merged
Elvis operator usage
Short syntax for applied operations
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [HttpFoundation] fixed param order for Nginx's x-accel-mapping
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | kinda
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13502
| License | MIT
| Doc PR | n/a
Inverted path and location directives for x-accel-mapping header (fixes#13502).
Before:
```proxy_set_header X-Accel-Mapping /internal/=/var/www/example.com/```
After:
```proxy_set_header X-Accel-Mapping /var/www/example.com/=/internal/```
It could be a BC break since the response will fail if someone sends this header
honoring the previous signature, thus I need some feedback in order to choose the right branch for this change.
Commits
-------
9f9f230 [2.3] [HttpFoundation] fixed param order for Nginx's x-accel-redirect
This PR was squashed before being merged into the 2.3 branch (closes#13469).
Discussion
----------
Fix docblocks to comments
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Change docblock into comment when it's not a proper docblock.
Commits
-------
779926a Fix docblocks to comments
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Removed dead code and various cleaning
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
50973ba Removed dead code and various cleaning
This PR was squashed before being merged into the 2.3 branch (closes#13039).
Discussion
----------
[HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
Hi everyone!
We at trivago had an issue with the Request object. It seems that all versions of symfony 2.x and 3.x are affected from this (possible) bug (don't checked 1.x).
Here is the problem:
some old legacy pages are deployed in the Document Root, let's say /var/www/www.test.com/ .
one or more new applications based on symfony are deployed to /var/release/new_app1/ , /var/release/new_app2/ , ... .
in /var/www/www.test.com/ there is a symlink "app" to /var/release/new_app1/web, like:
/var/www/www.test.com/app --> /var/release/new_app1/web/
there is a "SEO"/human-readable rewrite rule for Document Root (if called path/file not exist): (.*) --> app/app.php
the problem comes, when the user calls a uri starting with "app" or whatever the rewrite rule / symlink points to:
the user calls "http://www.test.com/apparthotel-1234"
results in $_SERVER parameters like this
```
'DOCUMENT_ROOT' =>'/var/www/www.test.com',
'SCRIPT_FILENAME' => '/var/www/www.test.com/app/app.php',
'SCRIPT_NAME' => '/app/app.php',
'PHP_SELF' => '/app/app.php/apparthotel-1234'
```
in Request::prepareBaseUrl() there are checks to find the baseUrl:
```
if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, $baseUrl)) {
// full $baseUrl matches
return $prefix;
}
if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, dirname($baseUrl))) {
// directory portion of $baseUrl matches
return rtrim($prefix, '/');
}
```
first it is checked if (in our case) "/app/app.php" is in the request uri (/apparthotel-1234).
it's not.
then it takes the dirname (of /app/app.php) which is /app and checks if it is in the request uri (/apparthotel-1234), and YES, it is! and "/app" is returned, but this is wrong, it should be empty (because it comes from a rewrite rule from root: /)!
later in preparePathInfo(), if there is a baseUrl, then the baseUrl is removed from the request uri:
/apparthotel-1234 ---> /arthotel-1234
The cause is, the second baseUrl check, checks if the path of the application is already in the uri, like when the request was "http://www.test.com/app/apparthotel-1234" and hit a rewrite rule like (.*) --> app.php in there, but because it matches a directory it must match "dirname($baseUrl) . '/'".
I also needed to fix one unit test of the getBaseUrl test:
the request uri recently was "/foo%20bar".
but from the $_SERVER infos "foo bar" is a directory, see:
```
'SCRIPT_FILENAME' => '/home/John Doe/public_html/foo bar/app.php',
'SCRIPT_NAME' => '/foo bar/app.php',
'PHP_SELF' => '/foo bar/app.php',
```
webservers will redirect a request "http://www.test.com/foo%20bar" to "http://www.test.com/foo%20bar/" when "foo bar" is a directory. checked this for apache 2.x and nginx 1.4.x.
this fix is for symfony master (3.0.x, see #13039).
I also prepared a merge request for actual 2.7 branch, it will also follow in some minutes. (see #13040)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | this, #13040, #13038, #7329
| License | MIT
[HttpFoundation] [Request]
* added missing slash to baseUrl-path part check to remove the path, only when it's also a path in the uri
[HttpFoundation] [Tests] [RequestTest]
* fixed and added unittests
This is the symfony 2.3 branch fix for the issue related to #13038 and #13040
Happy christmas!
Commits
-------
3a3ecd3 [HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
PHPUnit ini_set wrapper is now used in tests to automatically reset
ini settings after the test is run. This avoids possible side effects
and test skipping.
Native ini_set is still used in DefaultCsrfProviderTest, but its
tests are run in isolation.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] for consistency, use value of DIRECTORY_SEPARATOR to detect Windows
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This commit unifies the detection of Windows builds across the Symfony
codebase.
Commits
-------
20a427d use value of DIRECTORY_SEPARATOR to detect Windows
This removes the unused use statements which were not catched by
PHP-CS-Fixer because of string occurences. It also fixes some invalid
phpdoc (scalar is not recognized as a valid type for instance).
This PR was merged into the 2.3 branch.
Discussion
----------
No global state for isolated tests and other fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
By default, phpunit preserves global state for isolated processes. This made the tests break on my laptop.
Other tweaks included.
In branch 2.5, `src/Symfony/Component/Security/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php` also misses the `@preserveGlobalState disabled` annotation. Please add it when merging
Commits
-------
750f3a6 No global state for isolated tests and other fixes
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP head...
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
On symfony.com, we have errors related to IP addresses in the `X-Forwarded-For` HTTP header that have a port. If that happens (I have no ideas what is doing that), the page crashes with an error like `inet_pton(): Unrecognized address 187.65.229.211:63479` (which comes from IpUtils::checkIpv6()). This fixes the root cause by removing the port.
#12572 is solving the consequence and I propose to also merge it.
Commits
-------
60ad382 [HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP header contains a port
