* 2.8:
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
This PR was squashed before being merged into the 2.8 branch (closes#26973).
Discussion
----------
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
| Q | A
| ------------- | ---
| Branch? | 2.7 and up
| Bug fix? | improvement
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ---
| License | MIT
| Doc PR | ---
SubRequest used in `InlineFragmentRendered` explicitly sets `$server['REMOTE_ADDR']` to `127.0.0.1`. Therefore, it's required to configure `127.0.0.1` address in TRUSTED_PROXIES environment variable. Without that, `Request::isFromTrustedProxy()` will return false.
The current behavior might be a little bit problematic, for instance, in case where images are rendered through subrequests. These might end-up with an incorrect schema in URL (`http` instead of `https`).
Commits
-------
18f55feef8 [HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Catch HttpExceptions when templating is not installed
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | ?
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | #25844
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
- [x] Test manually
- [x] Check for BC breaks
- [x] Needs tests
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
4e527aa bug #25844 [HttpKernel] Catch HttpExceptions when templating is not installed
* 2.8:
[Security] guardAuthenticationProvider::authenticate cannot return null according to interface specification
[VarDumper] Remove decoration from actual output in tests
[PropertyInfo] Minor cleanup and perf improvement
[Bridge/Doctrine] fix count() notice on PHP 7.2
[Security] Skip user checks if not implementing UserInterface
[HttpFoundation] Add HTTP_EARLY_HINTS const
[DoctrineBridge] Improve exception message at `IdReader::getIdValue()`
fixed CS
Use new PHP7.2 functions in hasColorSupport
[VarDumper] Fix dumping of SplObjectStorage
Fixed being logged out on failed attempt in guard
* 2.7:
[VarDumper] Remove decoration from actual output in tests
[Bridge/Doctrine] fix count() notice on PHP 7.2
[Security] Skip user checks if not implementing UserInterface
[HttpFoundation] Add HTTP_EARLY_HINTS const
[DoctrineBridge] Improve exception message at `IdReader::getIdValue()`
fixed CS
Use new PHP7.2 functions in hasColorSupport
[VarDumper] Fix dumping of SplObjectStorage
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Send cookies using header() to fix "SameSite" ones
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25344
| License | MIT
| Doc PR | -
Commits
-------
73fec237da [HttpFoundation] Add functional tests for Response::sendHeaders()
e350ea000f [HttpFoundation] Send cookies using header() to fix "SameSite" ones
* 2.8:
fixed Twig URL
Don't assume that file binary exists on *nix OS
Fix that ESI/SSI processing can turn a \"private\" response \"public\"
[Form] Fixed trimming choice values
* 2.7:
fixed Twig URL
Don't assume that file binary exists on *nix OS
Fix that ESI/SSI processing can turn a \"private\" response \"public\"
[Form] Fixed trimming choice values
This PR was squashed before being merged into the 2.7 branch (closes#26643).
Discussion
----------
Fix that ESI/SSI processing can turn a "private" response "public"
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Under the condition that
* we are merging in at least one *embedded* response,
* all *embedded* responses are `public`,
* the *main* response is `private` and
* all responses use expiration-based caching (note: no `s-maxage` on the *main* response)
... the resulting response will turn to `Cache-Control: public`.
The real issue is that when all responses use expiration-based caching, a combined max age is computed. This is set on the *main* response using `Response::setSharedMaxAge()`, which implicitly sets `Cache-Control: public`.
The fix provided in this PR solves the problem by applying the same logic to the *main* response that is applied for *embedded* responses, namely that responses with `!Response::isCacheable()` will make the resulting response have `Cache-Control: private, no-cache, must-revalidate` and have `(s)max-age` removed.
This makes the change easy to understand, but makes responses uncacheable too often. This is because the `Response::isCacheable()` method was written to determine whether it is safe for a shared cache to keep the response, which is not the case as soon as a `private` response is involved. This might be improved upon in another PR.
Commits
-------
3d27b5946d Fix that ESI/SSI processing can turn a \"private\" response \"public\"
* 2.8:
fixed deprecated messages in tests
[HttpCache] Unlink tmp file on error
Added LB translation for #26327 (Errors sign for people that do not see colors)
[TwigBridge] Fix rendering of currency by MoneyType
[HttpKernel] DumpDataCollector: do not flush when a dumper is provided
* 2.7:
[HttpCache] Unlink tmp file on error
Added LB translation for #26327 (Errors sign for people that do not see colors)
[TwigBridge] Fix rendering of currency by MoneyType
[HttpKernel] DumpDataCollector: do not flush when a dumper is provided
* 2.8:
[Bridge\PhpUnit] Exit as late as possible
Update Repository Symlink Helper
Document explicitly that dotfiles and vcs files are ignored by default
do not mock the container builder in tests
* 2.7:
[Bridge\PhpUnit] Exit as late as possible
Update Repository Symlink Helper
Document explicitly that dotfiles and vcs files are ignored by default
do not mock the container builder in tests
* 3.3:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
* 2.8:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
* 2.7:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
* 3.3:
[HttpKernel] DebugHandlersListener should always replace the existing exception handler
fix the Composer API being used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
[Cache] Fix handling of apcu_fetch() edgy behavior
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Copied NO language files to the new NB locale.
[Serializer] DateTimeNormalizer handling of null and empty values (returning null or empty instead of new object)
[Console] Improve phpdoc on StyleInterface::ask()
* 3.3:
fix merge
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
Add missing @ in phpdoc return statement
Don't right trim the deprecation message
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500
* 2.8:
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500
* 2.7:
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix session handling: decouple "save" from setting response "private"
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fixes https://github.com/symfony/symfony/pull/25583#issuecomment-355717344 from @Tobion, and provides extra laziness for the "session" service, related to https://github.com/symfony/recipes/pull/333.
(deps=high failure will be fixed by merging to upper branches.)
Commits
-------
f8727b8827 [HttpKernel] Fix session handling: decouple "save" from setting response "private"
