This PR was submitted for the master branch but it was merged into the 2.4 branch instead (closes#11278).
Discussion
----------
Remove Spaceless Blocks From Twig Templates
Leaving it in can only mangle values from data bound to the form.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11277
| License | MIT
| Doc PR |
The tests pass here, but it doesn't seem like any tests really cover the actual rendering.
Commits
-------
793a083 Remove Spaceless Blocks From Twig Templates
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fix to prevent magic bytes injection in JSONP responses... (CVE-2014-4671)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no*
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
| CVE Ticket | [CVE-2014-4671](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4671)
| See Also | [Rosetta Flash](http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/)
\* Unless you are parsing the response string manually, which you really shouldn't do anyway
**THIS IS A SECURITY FIX AND SHOULD BE MERGED SHORTLY**
This fix prevents attacks vectors where third-party browser plugins depends on ASCII magic bytes in order to execute a plugin. This is currently exploited with Flash using a carefully crafted JSONP response, allowing the execution of random SWF data from a domain with a vulnerable JSONP endpoint.
This security issue is mitigated by adding an empty comment right before the callback parameter. This does not affect the execution of the JSONP callback.
Commits
-------
6af3d05 [HttpFoundation] Fix to prevent magic bytes injection in JSONP responses (Prevents CVE-2014-4671)
This PR was squashed before being merged into the 2.5 branch (closes#11284).
Discussion
----------
[Console] Remove estimated field from debug_nomax
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11281
| License | MIT
| Doc PR |
Commits
-------
2ac1bb4 [Console] Remove estimated field from debug_nomax
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Validator] Fix UserPassword validator translation
| Q | A
| ------------- | ---
| Fixed tickets | None
| License | MIT
Fixes the UserPassword translation message only for 2.3 as discussed in symfony/symfony#11383.
Commits
-------
73d50ed Fix UserPassword validator translation
This PR was merged into the 2.3 branch.
Discussion
----------
Remove Spaceless Blocks from Twig Form Templates
In favor of using Twig's whitespace control operators. See #11277
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11277
| License | MIT
| Doc PR |
Per @fabpot and @stof's requests in #11278, this is a PR for the 2.3 branch.
Commits
-------
8f9ed3e Remove Spaceless Blocks from Twig Form Templates
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][HttpFoundation] Fix wrong assertion in Response test
| Q | A
| ------------- | ---
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Tests pass? | yes
| License | MIT
Commits
-------
3d63f80 [HttpFoundation] Fix wrong assertion in Response test
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#9719).
Discussion
----------
[TwigBundle] fix configuration tree for paths
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8171
| License | MIT
| Doc PR | na
This is a joint effort with @mdavis1982 and @cordoval 👶 pairing up and warming for hacking day in Warsaw
Commits
-------
9aa88e4 added regression test
4201d41 fix issue #8171 on configuration tree for twig extension -- pairing up with @cordoval
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Form] Cleanup & fix phpdocs
| Q | A
| ------------- | ---
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Tests pass? | yes
| License | MIT
This PR was done mostly cause of reports about invalid/not supported types/variables in phpstorm/scrutinizer-ci, and after I started fixing I noticed more problems in those phpdocs so I have cleanedup them a bit.
Commits
-------
a67bc76 [2.3][Form] Cleanup & fix phpdocs
This PR was merged into the 2.4 branch.
Discussion
----------
Added verbosity methods to NullOutput
These 4 methods were not added to the OutputInterface because of BC, but they should still be implemented in all classes which implement that interface. Otherwise we have to do nasty tricks...
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
0459249 Added verbosity methods
* 2.4:
added missing test
fixed CS
[HttpFoundation] Remove content-related headers if content is empty
bumped Symfony version to 2.4.8
removed defaults from PHPUnit configuration
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#11244).
Discussion
----------
[HttpFoundation] Remove body-related headers when sending the response, if body is empty
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I've updated the implementation for informational and 204 or 304 responses. They will now, as they have no content, not return headers like `content-type` or `content-length`.
I'm unsure about `content-length` - we could also set it hardcoded to zero ... but I thought, that (because the specs say that it just can't have a response-body) the system should not return anything here.
Commits
-------
9dbe89d [HttpFoundation] Remove content-related headers if content is empty
This PR was merged into the 2.3 branch.
Discussion
----------
remove defaults from PHPUnit configuration
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | --
| License | MIT
| Doc PR | --
Follow-up to #11329.
Commits
-------
afc4930 removed defaults from PHPUnit configuration
* 2.4:
updated VERSION for 2.4.7
updated CHANGELOG for 2.4.7
bumped Symfony version to 2.3.18
updated VERSION for 2.3.17
update CONTRIBUTORS for 2.3.17
updated CHANGELOG for 2.3.17
added XSD to PHPUnit configuration
add missing docblock for ProcessBuilder::addEnvironmentVariables()
bug #11319 [HttpKernel] Ensure the storage exists before purging it in ProfilerTest
[Translation] Added unescaping of ids in PoFileLoader
updated italian translation for validation messages
[DomCrawler] Fix docblocks and formatting.
[DomCrawler] Remove the query string and the anchor of the uri of a link
Simplified the Travis test command
Remove Expression Language services when the component is unavailable
[Console] Make sure formatter is the same
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
bumped Symfony version to 2.3.18
updated VERSION for 2.3.17
update CONTRIBUTORS for 2.3.17
updated CHANGELOG for 2.3.17
added XSD to PHPUnit configuration
bug #11319 [HttpKernel] Ensure the storage exists before purging it in ProfilerTest
[Translation] Added unescaping of ids in PoFileLoader
updated italian translation for validation messages
[DomCrawler] Fix docblocks and formatting.
[DomCrawler] Remove the query string and the anchor of the uri of a link
Simplified the Travis test command
[Console] Make sure formatter is the same
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.3 branch.
Discussion
----------
add XSD to PHPUnit configuration
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | --
| License | MIT
| Doc PR | --
The syntax check functionality has been removed in PHPUnit 3.6 already. But there's no Composer constraint for PHPUnit, so you can never know which version will actually be used to run tests. Let me know what you think.
Commits
-------
84b5581 added XSD to PHPUnit configuration
