This PR was merged into the 2.6-dev branch.
Discussion
----------
[Console] Fix test on windows
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
8be4c92 [Console] Fix test on windows
So we can compare the specificity without using the value, so it doesn't matter if the base isn't high enough (for example, 1,0,0 should be higher then 0,11,0. Currently with using values, this wouldn't be possible (100 vs 110).
* 2.5:
[Process] Adjust PR #11264, make it Windows compatible and fix CS
[Process] Fix unit tests on Windows platform
bumped Symfony version to 2.5.3
bumped Symfony version to 2.4.9
bumped Symfony version to 2.3.19
updated VERSION for 2.5.2
updated CHANGELOG for 2.5.2
updated VERSION for 2.4.8
updated CHANGELOG for 2.4.8
[2.5][Form] solved dependency to ValidatorInterface, fix#11036
updated VERSION for 2.3.18
update CONTRIBUTORS for 2.3.18
updated CHANGELOG for 2.3.18
[Process] Use correct test for empty string in UnixPipes
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/ProcessPipes.php
* 2.4:
[Process] Adjust PR #11264, make it Windows compatible and fix CS
[Process] Fix unit tests on Windows platform
bumped Symfony version to 2.4.9
bumped Symfony version to 2.3.19
updated VERSION for 2.4.8
updated CHANGELOG for 2.4.8
updated VERSION for 2.3.18
update CONTRIBUTORS for 2.3.18
updated CHANGELOG for 2.3.18
[Process] Use correct test for empty string in UnixPipes
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
[Process] Adjust PR #11264, make it Windows compatible and fix CS
[Process] Fix unit tests on Windows platform
bumped Symfony version to 2.3.19
updated VERSION for 2.3.18
update CONTRIBUTORS for 2.3.18
updated CHANGELOG for 2.3.18
[Process] Use correct test for empty string in UnixPipes
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Process] Use correct test for empty string in UnixPipes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR supersedes #11264 : 2.3 compatibility + Windows compatibility + CS fix
Commits
-------
cec0a45 [Process] Adjust PR #11264, make it Windows compatible and fix CS
9e1ea4a [Process] Use correct test for empty string in UnixPipes
This PR was squashed before being merged into the 2.6-dev branch (closes#11350).
Discussion
----------
[2.5][Form] solved dependency to ValidatorInterface, fix#11036
| Q | A
| ------------- | ---
| Bug fix? | [yes]
| New feature? | [no]
| BC breaks? | [no]
| Deprecations? | [no]
| Tests pass? | [yes]
| Fixed tickets | #11036, #11345
| License | MIT
| Doc PR |
Since Symfony 2.5
The problem was that the form component has a hardcoded depencency to the deprecated validator component (api Version 2.4)
The pull request fixes the dependency to the validator component and supports now both implementations, apiVersion 2.5 and apiVersion 2.4 of the validator component.
@Symfony Core Members
please review the changes 0a1e9c208f/src/Symfony/Component/Form/Extension/Validator/ValidatorExtension.php
I'm not sure if it was the right solution
Commits
-------
ab765c9 [2.5][Form] solved dependency to ValidatorInterface, fix#11036
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fix to prevent magic bytes injection in JSONP responses... (CVE-2014-4671)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no*
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
| CVE Ticket | [CVE-2014-4671](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4671)
| See Also | [Rosetta Flash](http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/)
\* Unless you are parsing the response string manually, which you really shouldn't do anyway
**THIS IS A SECURITY FIX AND SHOULD BE MERGED SHORTLY**
This fix prevents attacks vectors where third-party browser plugins depends on ASCII magic bytes in order to execute a plugin. This is currently exploited with Flash using a carefully crafted JSONP response, allowing the execution of random SWF data from a domain with a vulnerable JSONP endpoint.
This security issue is mitigated by adding an empty comment right before the callback parameter. This does not affect the execution of the JSONP callback.
Commits
-------
6af3d05 [HttpFoundation] Fix to prevent magic bytes injection in JSONP responses (Prevents CVE-2014-4671)
This PR was squashed before being merged into the 2.5 branch (closes#11284).
Discussion
----------
[Console] Remove estimated field from debug_nomax
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11281
| License | MIT
| Doc PR |
Commits
-------
2ac1bb4 [Console] Remove estimated field from debug_nomax
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Validator] Fix UserPassword validator translation
| Q | A
| ------------- | ---
| Fixed tickets | None
| License | MIT
Fixes the UserPassword translation message only for 2.3 as discussed in symfony/symfony#11383.
Commits
-------
73d50ed Fix UserPassword validator translation
This PR was merged into the 2.6-dev branch.
Discussion
----------
Allow xdebug.file_link_format from php ini to work when xdebug extension is not loaded
Q | A
----------------- | ---------------
Bug fix? | yes
New feature? | no
BC breaks? | no
Deprecations? | no
Tests pass? | yes
Fixed tickets | #11081
License | MIT
Doc PR | N/A
Complete the PR https://github.com/symfony/symfony/pull/11081
Commits
-------
8b2397c Applyied code review
97e07d5 Check for xdebug link format via both ini_get and get_cfg_var
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][HttpFoundation] Fix wrong assertion in Response test
| Q | A
| ------------- | ---
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Tests pass? | yes
| License | MIT
Commits
-------
3d63f80 [HttpFoundation] Fix wrong assertion in Response test
This PR was squashed before being merged into the 2.6-dev branch (closes#10960).
Discussion
----------
[Filesystem] Throw Exception on copying from an unreadable file or to an unwritable file
| Q | A |
| ------------- | ------------- |
| Bug fix? | No |
| New feature? | No |
| BC breaks? | No |
| Deprecations? | No |
| Tests pass? | Yes |
| Fixed tickets | |
| License | MIT |
In certain circumstances (overwrite set to true, target file not writable), Filesystem->copy() would return success even though the file was not successfully copied. Unit tests included.
Commits
-------
cd5da9b [Filesystem] Throw Exception on copying from an unreadable file or to an unwritable file
This PR was merged into the 2.4 branch.
Discussion
----------
Added verbosity methods to NullOutput
These 4 methods were not added to the OutputInterface because of BC, but they should still be implemented in all classes which implement that interface. Otherwise we have to do nasty tricks...
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
0459249 Added verbosity methods
