This PR was merged into the 2.3 branch.
Discussion
----------
[ServerBag] Handled bearer authorization header in REDIRECT_ form
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Apache rewrite module renames client request
header (`HTTP_`) by prepending `REDIRECT_` to
it. http basic authentication and http digest
authentication are properly processed in
REDIRECT_ form, while bearer is processed in
HTTP_ form, but dropped in REDIRECT_ form.
Example:
The following auth headers are handled in ServerBag,
```
HTTP_AUTHORIZATION => Basic aGVsbG86d29ybGQ=
REDIREDCT_HTTP_AUTHOIZATION => Basic aGVsbG86d29ybGQ=
HTTP_AUTHORIZATION => Digest blah
REDIRECT_HTTP_AUTHORIZATION => Digest blah
HTTP_AUTHORIZATION => Bearer mF_9.B5f-4.1JqM
```
while
```
REDIRECT_HTTP_AUTHORIZATION => Bearer mF_9.B5f-4.1JqM
```
is dropped.
Commits
-------
7b2e2df Handled bearer authorization header in REDIRECT_ form
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Pre incrementation/decrementation should be used if possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes provided by new fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1113
If this pr is merged I would change the level of the fixer to `symfony`.
Commits
-------
c5123d6 CS: Pre incrementation/decrementation should be used if possible
This PR was squashed before being merged into the 2.3 branch (closes#14206).
Discussion
----------
[2.3] SCA for Components - reference mismatches
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with Php Inspections (EA Extended), no functional changes:
- worked out some of reference mismatches
Commits
-------
f732659 [2.3] SCA for Components - reference mismatches
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Unary operators should be placed adjacent to their operands
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Update before upcoming changes on PHP CS Fixer 1.7
To keep fabbot.io happy ;)
Commits
-------
2367f4a CS: Unary operators should be placed adjacent to their operands
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Convert double quotes to single quotes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Changes generated automatically by upcoming PHP CS Fixer.
To keep fabbot.io happy ;)
Commits
-------
f99c22c CS: Convert double quotes to single quotes
Reduce couple count calls in [Yaml]
Modernize type casting, fix several strict comparisons
Unsets merged
Elvis operator usage
Short syntax for applied operations
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [HttpFoundation] fixed param order for Nginx's x-accel-mapping
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | kinda
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13502
| License | MIT
| Doc PR | n/a
Inverted path and location directives for x-accel-mapping header (fixes#13502).
Before:
```proxy_set_header X-Accel-Mapping /internal/=/var/www/example.com/```
After:
```proxy_set_header X-Accel-Mapping /var/www/example.com/=/internal/```
It could be a BC break since the response will fail if someone sends this header
honoring the previous signature, thus I need some feedback in order to choose the right branch for this change.
Commits
-------
9f9f230 [2.3] [HttpFoundation] fixed param order for Nginx's x-accel-redirect
Apache rewrite module renames client request
header (`HTTP_`) by prepending `REDIRECT_` to
it. http basic authentication and http digest
authentication are properly processed in
REDIRECT_ form, while bearer is processed in
HTTP_ form, but dropped in REDIRECT_ form.
This PR was squashed before being merged into the 2.3 branch (closes#13469).
Discussion
----------
Fix docblocks to comments
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Change docblock into comment when it's not a proper docblock.
Commits
-------
779926a Fix docblocks to comments
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Removed dead code and various cleaning
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
50973ba Removed dead code and various cleaning
This PR was squashed before being merged into the 2.3 branch (closes#13039).
Discussion
----------
[HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
Hi everyone!
We at trivago had an issue with the Request object. It seems that all versions of symfony 2.x and 3.x are affected from this (possible) bug (don't checked 1.x).
Here is the problem:
some old legacy pages are deployed in the Document Root, let's say /var/www/www.test.com/ .
one or more new applications based on symfony are deployed to /var/release/new_app1/ , /var/release/new_app2/ , ... .
in /var/www/www.test.com/ there is a symlink "app" to /var/release/new_app1/web, like:
/var/www/www.test.com/app --> /var/release/new_app1/web/
there is a "SEO"/human-readable rewrite rule for Document Root (if called path/file not exist): (.*) --> app/app.php
the problem comes, when the user calls a uri starting with "app" or whatever the rewrite rule / symlink points to:
the user calls "http://www.test.com/apparthotel-1234"
results in $_SERVER parameters like this
```
'DOCUMENT_ROOT' =>'/var/www/www.test.com',
'SCRIPT_FILENAME' => '/var/www/www.test.com/app/app.php',
'SCRIPT_NAME' => '/app/app.php',
'PHP_SELF' => '/app/app.php/apparthotel-1234'
```
in Request::prepareBaseUrl() there are checks to find the baseUrl:
```
if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, $baseUrl)) {
// full $baseUrl matches
return $prefix;
}
if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, dirname($baseUrl))) {
// directory portion of $baseUrl matches
return rtrim($prefix, '/');
}
```
first it is checked if (in our case) "/app/app.php" is in the request uri (/apparthotel-1234).
it's not.
then it takes the dirname (of /app/app.php) which is /app and checks if it is in the request uri (/apparthotel-1234), and YES, it is! and "/app" is returned, but this is wrong, it should be empty (because it comes from a rewrite rule from root: /)!
later in preparePathInfo(), if there is a baseUrl, then the baseUrl is removed from the request uri:
/apparthotel-1234 ---> /arthotel-1234
The cause is, the second baseUrl check, checks if the path of the application is already in the uri, like when the request was "http://www.test.com/app/apparthotel-1234" and hit a rewrite rule like (.*) --> app.php in there, but because it matches a directory it must match "dirname($baseUrl) . '/'".
I also needed to fix one unit test of the getBaseUrl test:
the request uri recently was "/foo%20bar".
but from the $_SERVER infos "foo bar" is a directory, see:
```
'SCRIPT_FILENAME' => '/home/John Doe/public_html/foo bar/app.php',
'SCRIPT_NAME' => '/foo bar/app.php',
'PHP_SELF' => '/foo bar/app.php',
```
webservers will redirect a request "http://www.test.com/foo%20bar" to "http://www.test.com/foo%20bar/" when "foo bar" is a directory. checked this for apache 2.x and nginx 1.4.x.
this fix is for symfony master (3.0.x, see #13039).
I also prepared a merge request for actual 2.7 branch, it will also follow in some minutes. (see #13040)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | this, #13040, #13038, #7329
| License | MIT
[HttpFoundation] [Request]
* added missing slash to baseUrl-path part check to remove the path, only when it's also a path in the uri
[HttpFoundation] [Tests] [RequestTest]
* fixed and added unittests
This is the symfony 2.3 branch fix for the issue related to #13038 and #13040
Happy christmas!
Commits
-------
3a3ecd3 [HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
PHPUnit ini_set wrapper is now used in tests to automatically reset
ini settings after the test is run. This avoids possible side effects
and test skipping.
Native ini_set is still used in DefaultCsrfProviderTest, but its
tests are run in isolation.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] for consistency, use value of DIRECTORY_SEPARATOR to detect Windows
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This commit unifies the detection of Windows builds across the Symfony
codebase.
Commits
-------
20a427d use value of DIRECTORY_SEPARATOR to detect Windows