This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Validate/cast cookie expire time
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Commits
-------
8215dbdb31 [HttpFoundation] Validate/cast cookie expire time
* 3.2:
do not depend on a fixed date in layout tests
[Console] Escape default value when dumping help
[Console] OS X Can't call cli_set_process_title php without superuser
Fixed @return when returning this or static #bis
fixed @return when returning this or static
Polish translation improvement in Validator component
[Console] Descriptors should use Helper::strlen
[Config] Improve PHPdoc / IDE autocomplete
[Debug] Wrap call to ->log in a try catch block
[Debug] UndefinedMethodFatalErrorHandler - Handle anonymous classes
fix merge
[cache] Bump RedisAdapter timeout to 5s
fixed @return when returning this or static
[SecurityBundle] Made collection of user provider unique when injecting them to the RemberMeService
remove is_writable check on filesystem cache
* 3.1:
do not depend on a fixed date in layout tests
[Console] Escape default value when dumping help
[Console] OS X Can't call cli_set_process_title php without superuser
Fixed @return when returning this or static #bis
fixed @return when returning this or static
Polish translation improvement in Validator component
[Console] Descriptors should use Helper::strlen
[Config] Improve PHPdoc / IDE autocomplete
[Debug] Wrap call to ->log in a try catch block
[Debug] UndefinedMethodFatalErrorHandler - Handle anonymous classes
fix merge
[cache] Bump RedisAdapter timeout to 5s
fixed @return when returning this or static
[SecurityBundle] Made collection of user provider unique when injecting them to the RemberMeService
remove is_writable check on filesystem cache
* 3.2:
[FrameworkBundle] Ignore AnnotationException exceptions in the AnnotationsCacheWarmer
fixed @return when returning this or static
override property constraints in child class
removed unneeded comment
[Console] improved code coverage of Command class
[FrameworkBundle] Make TemplateController working without the Templating component
[FrameworkBundle] Allow multiple transactions with the same name
Only count on arrays or countables to avoid warnings in PHP 7.2
* 3.1:
fixed @return when returning this or static
override property constraints in child class
removed unneeded comment
[Console] improved code coverage of Command class
[FrameworkBundle] Make TemplateController working without the Templating component
Only count on arrays or countables to avoid warnings in PHP 7.2
* 2.8:
fixed @return when returning this or static
override property constraints in child class
removed unneeded comment
[Console] improved code coverage of Command class
[FrameworkBundle] Make TemplateController working without the Templating component
Only count on arrays or countables to avoid warnings in PHP 7.2
* 2.7:
fixed @return when returning this or static
override property constraints in child class
[Console] improved code coverage of Command class
Only count on arrays or countables to avoid warnings in PHP 7.2
* 3.1:
fixed obsolete getMock() usage
fixed obsolete getMock() usage
fixed obsolete getMock() usage
[WebProfilerBundle] Display multiple HTTP headers in WDT
do not remove the Twig ExceptionController service
removed obsolete condition
do not try to register incomplete definitions
* 2.8:
fixed obsolete getMock() usage
fixed obsolete getMock() usage
[WebProfilerBundle] Display multiple HTTP headers in WDT
do not remove the Twig ExceptionController service
removed obsolete condition
do not try to register incomplete definitions
* 3.2:
[Security] Fix test
[Validator] phpize default option values
test for the Validator component to be present
[Serializer] Fix MaxDepth annotation exceptions
[DependencyInjection] Fix on-invalid attribute type in xsd
[FrameworkBundle] Fix PHP form templates on translatable attributes
[VarDumper] Fix dumping by-ref variadics
[Validator] add Indonesian translation
fixed CS
[config] Fix issue when key removed and left value only
[HttpFoundation] Fix cookie to string conversion for raw cookies
Fix misresolved parameters in debug:config on 3.2
[Console] fixed BC issue with static closures
[TwigBundle] Config is now a hard dependency
[FrameworkBundle] framework.annotations default should be true only if doctrine/annotations is installed
[Security] AbstractVoter method supportsAttribute gives false positive if attribute is zero (0)
* 3.1:
[Security] Fix test
[Validator] phpize default option values
test for the Validator component to be present
[Serializer] Fix MaxDepth annotation exceptions
[DependencyInjection] Fix on-invalid attribute type in xsd
[FrameworkBundle] Fix PHP form templates on translatable attributes
[VarDumper] Fix dumping by-ref variadics
[Validator] add Indonesian translation
fixed CS
[config] Fix issue when key removed and left value only
[HttpFoundation] Fix cookie to string conversion for raw cookies
[Console] fixed BC issue with static closures
[Security] AbstractVoter method supportsAttribute gives false positive if attribute is zero (0)
This PR was merged into the 3.3-dev branch.
Discussion
----------
Request exceptions
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20389, #20615, #20662
| License | MIT
| Doc PR | n/a
Replaces #20389 and #20662. The idea is to generically manage 400 responses when an exception implements `RequestExceptionInterface`.
The "weird" caches on the request for the host and the clients IPs allows to correctly manage exceptions in an exception listener/controller (as we are duplicating the request there, but we don't want to throw an exception there).
Commits
-------
32ec288 [HttpFoundation] refactored Request exceptions
d876809 Return a 400 response for suspicious operations
* 3.2:
Fix tests that do not trigger any depreciation
[HttpFoundation] Fix test ensuring isMethodSafe() checks cacheable
[Cache] Mark FilesystemAdapterTrait as internal
[FrameworkBundle] Dont rely on any parent definition for "cache.annotations"
* 3.2:
[Routing] Fail properly when a route parameter name cannot be used as a PCRE subpattern name
[FrameworkBundle] Improve performance of ControllerNameParser
Update documentation link to the component
[HttpFoundation] Add links to RFC-7231
[DI] Initialize properties before method calls
[Bridge/Doctrine] Use cache.prefix.seed parameter for generating cache namespace
Tag missing internals
Add missing example for 'path' argument in debug:config
[WebProfilerBundle] Dont use request attributes in RouterController
Fix complete config tests
* 3.1:
[Routing] Fail properly when a route parameter name cannot be used as a PCRE subpattern name
[FrameworkBundle] Improve performance of ControllerNameParser
Update documentation link to the component
[HttpFoundation] Add links to RFC-7231
[DI] Initialize properties before method calls
Tag missing internals
[WebProfilerBundle] Dont use request attributes in RouterController
Fix complete config tests
* 2.8:
[Routing] Fail properly when a route parameter name cannot be used as a PCRE subpattern name
[FrameworkBundle] Improve performance of ControllerNameParser
Update documentation link to the component
[HttpFoundation] Add links to RFC-7231
[DI] Initialize properties before method calls
Tag missing internals
[WebProfilerBundle] Dont use request attributes in RouterController
Fix complete config tests
* 2.7:
[Routing] Fail properly when a route parameter name cannot be used as a PCRE subpattern name
[FrameworkBundle] Improve performance of ControllerNameParser
Update documentation link to the component
[HttpFoundation] Add links to RFC-7231
[DI] Initialize properties before method calls
Tag missing internals
[WebProfilerBundle] Dont use request attributes in RouterController
Fix complete config tests
* 3.2:
Fix merge
[DI] Fixed custom services definition BC break introduced in ec7e70fb…
[HttpKernel] Deprecate checking for cacheable HTTP methods in Request::isMethodSafe()
[Process] Fix kill process on reached timeout using getIterator()
[DI] Aliases should preserve the aliased invalid behavior
This PR was merged into the 3.2 branch.
Discussion
----------
[HttpKernel] Deprecate checking for cacheable HTTP methods in Request::isMethodSafe()
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | no
| Fixed tickets | -
| License | MIT
| Doc PR | -
Late deprecation for 3.2, see #20602.
Commits
-------
34e7b95 [HttpKernel] Deprecate checking for cacheable HTTP methods in Request::isMethodSafe()
* 3.2: (24 commits)
[Filesystem] Remove extra argv in dumpFile() tests
[DI] minor FileLoaders tests update
[FrameworkBundle] Add framework.cache.prefix_seed for predictible cache key prefixes
[SecurityBundle] Remove FirewallContext mandatory FirewallConfig argument deprecation
[HttpKernel] Revert BC breaking change of Request::isMethodSafe()
[DI] Allow null as default env value
[WebProfilerBundle] Fix deprecated uses of profiler_dump
[SecurityBundle] Fix FirewallConfig nullable arguments
[FrameworkBundle] Avoid warming up the validator cache for non-existent classes
[DOMCrawler] Bug fixed
[FrameworkBundle] Mark cache.default_*_provider services private
[Process] Do feat test before enabling TTY mode
bumped Symfony version to 3.1.8
updated VERSION for 3.1.7
updated CHANGELOG for 3.1.7
bumped Symfony version to 2.8.15
updated VERSION for 2.8.14
updated CHANGELOG for 2.8.14
bumped Symfony version to 2.7.22
updated VERSION for 2.7.21
...
* 3.1:
[Filesystem] Remove extra argv in dumpFile() tests
[DI] minor FileLoaders tests update
[HttpKernel] Revert BC breaking change of Request::isMethodSafe()
[DOMCrawler] Bug fixed
[FrameworkBundle] Mark cache.default_*_provider services private
[Process] Do feat test before enabling TTY mode
bumped Symfony version to 3.1.8
updated VERSION for 3.1.7
updated CHANGELOG for 3.1.7
bumped Symfony version to 2.8.15
updated VERSION for 2.8.14
updated CHANGELOG for 2.8.14
bumped Symfony version to 2.7.22
updated VERSION for 2.7.21
update CONTRIBUTORS for 2.7.21
updated CHANGELOG for 2.7.21
Fix annotation type for $context
[Doctrine][Form] support large integers
* 2.8:
[DI] minor FileLoaders tests update
[HttpKernel] Revert BC breaking change of Request::isMethodSafe()
[DOMCrawler] Bug fixed
[Process] Do feat test before enabling TTY mode
bumped Symfony version to 2.8.15
updated VERSION for 2.8.14
updated CHANGELOG for 2.8.14
bumped Symfony version to 2.7.22
updated VERSION for 2.7.21
update CONTRIBUTORS for 2.7.21
updated CHANGELOG for 2.7.21
Fix annotation type for $context
[Doctrine][Form] support large integers
* 2.7:
[DI] minor FileLoaders tests update
[HttpKernel] Revert BC breaking change of Request::isMethodSafe()
[DOMCrawler] Bug fixed
[Process] Do feat test before enabling TTY mode
bumped Symfony version to 2.7.22
updated VERSION for 2.7.21
update CONTRIBUTORS for 2.7.21
updated CHANGELOG for 2.7.21
[Doctrine][Form] support large integers
* 3.1:
[Debug] Remove GLOBALS from exception context to avoid endless recursion
[Serializer] Improve test coverage of the MaxDepth annotation
DX: replace @link with @see annotation
bumped min version of Twig to 1.28
This PR was squashed before being merged into the 2.7 branch (closes#20275).
Discussion
----------
[HttpFoundation] Avoid implicit null to array conversion in request matcher
| Q | A |
| --- | --- |
| Branch? | 2.7 |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | comma-separated list of tickets fixed by the PR, if any |
| License | MIT |
| Doc PR | reference to the documentation PR, if any |
`null` is allowed _and_ passed as default value from the constructor. Lets be explicit.
Commits
-------
a2c0a78 [HttpFoundation] Avoid implicit null to array conversion in request matcher
* 3.1:
fixed CS
Properly format value in UniqueEntityValidator
[Translation][fallback] add missing resources in parent catalogues.
removed a deprecation notice
[Form] Fix show float values as choices values in ChoiceType
Remove double use Statement
Improved the design of the metrics in the profiler
[Yaml] set arguments depending on the PHP version
[Console] Fix infinite loop on missing input
[HttpFoundation][Session] memcached connection should not be closed
* 2.8:
[Translation][fallback] add missing resources in parent catalogues.
removed a deprecation notice
[Form] Fix show float values as choices values in ChoiceType
Remove double use Statement
Improved the design of the metrics in the profiler
[Console] Fix infinite loop on missing input
[HttpFoundation][Session] memcached connection should not be closed
* 2.7:
[Translation][fallback] add missing resources in parent catalogues.
removed a deprecation notice
[Form] Fix show float values as choices values in ChoiceType
[HttpFoundation][Session] memcached connection should not be closed
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation][Session] Fix memcache session handler
| Q | A
| ------------- | ---
| Branch? | 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 3.0, 3.1, master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commit 0216e05605 removed the opening of connection to memcached server on call to `open()`, because it's assumed that connection is already opened. However, `close()` still closes the connection. As a result no more read/write calls can be made if session got closed, as the connection does not get reestablished.
Basically MemcacheSessionHandler should follow same logic as Memcache**d**SessionHandler, which is exactly what this MR acomplishes.
Commits
-------
0423d894 [HttpFoundation][Session] memcached connection should not be closed
* 3.1:
Fix edge case with StreamedResponse where headers are sent twice
removed usage of Twig_Compiler::addIndentation
A decorated service should not keep the autowiring types
merge tags instead of completely replacing them
* 2.8:
Fix edge case with StreamedResponse where headers are sent twice
removed usage of Twig_Compiler::addIndentation
A decorated service should not keep the autowiring types
merge tags instead of completely replacing them
* 2.7:
Fix edge case with StreamedResponse where headers are sent twice
removed usage of Twig_Compiler::addIndentation
merge tags instead of completely replacing them
* 3.1:
[TwigBridge] removed deprecations added in Twig 1.27
PHP CS Fixer: use php_unit_dedicate_assert
3.0 Upgrade Guide: Added details describing how to pass data to a form through the options resolver
fixed Filesystem:makePathRelative and added 2 more testcases
no 304 response if method is not cacheable
move tags from decorated to decorating service
* 2.8:
[TwigBridge] removed deprecations added in Twig 1.27
PHP CS Fixer: use php_unit_dedicate_assert
3.0 Upgrade Guide: Added details describing how to pass data to a form through the options resolver
fixed Filesystem:makePathRelative and added 2 more testcases
no 304 response if method is not cacheable
move tags from decorated to decorating service
* 2.7:
[TwigBridge] removed deprecations added in Twig 1.27
PHP CS Fixer: use php_unit_dedicate_assert
fixed Filesystem:makePathRelative and added 2 more testcases
no 304 response if method is not cacheable
move tags from decorated to decorating service
* 3.1:
Minor fixes & cleanups
[DependencyInjection] Add missing PHPDoc type
Correct a typo in the ReflectionExtractor's description
[HttpFoundation] JSONP callback validation
[Console] Improved the explanation of the hasOption() method
Uniformize exception vars according to our CS
add missing use statement
bug #18042 [Security] $attributes can be anything, but RoleVoter assumes strings
* 2.8:
[DependencyInjection] Add missing PHPDoc type
Correct a typo in the ReflectionExtractor's description
[HttpFoundation] JSONP callback validation
[Console] Improved the explanation of the hasOption() method
Uniformize exception vars according to our CS
add missing use statement
bug #18042 [Security] $attributes can be anything, but RoleVoter assumes strings
* 2.7:
[HttpFoundation] JSONP callback validation
[Console] Improved the explanation of the hasOption() method
add missing use statement
bug #18042 [Security] $attributes can be anything, but RoleVoter assumes strings
* 3.1:
[VarDumper] Fix test
Revert "minor #20011 Use UUID for error codes for Form validator. (Koc)"
Use UUID for error codes for Form validator.
Use UUID for error codes for Form validator.
Fixed regression when exception message swallowed when logging it.
[HttpFoundation] Enable memcached tests with the latest memcached extension
* 2.8:
[VarDumper] Fix test
Revert "minor #20011 Use UUID for error codes for Form validator. (Koc)"
Use UUID for error codes for Form validator.
Use UUID for error codes for Form validator.
Fixed regression when exception message swallowed when logging it.
[HttpFoundation] Enable memcached tests with the latest memcached extension
* 2.7:
Revert "minor #20011 Use UUID for error codes for Form validator. (Koc)"
Use UUID for error codes for Form validator.
Fixed regression when exception message swallowed when logging it.
[HttpFoundation] Enable memcached tests with the latest memcached extension
This PR was merged into the 3.2-dev branch.
Discussion
----------
[HttpFoundation] Deprecate extending some methods
| Q | A
| ------------- | ---
| Branch? | "master"
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/19727
| License | MIT
| Doc PR |
It's really hard to change methods signature because of bc. I'm proposing to deprecate extending some getters/setters of `Response` because of this (and because extending them is not really useful).
If you like this approach it could be used in other places to simplify bc in 4.0.
Edit: This causes issues (warnings always triggered) when mocking `Response` entirely but does it matter as people should only mock needed methods?
Commits
-------
c0a26bc [HttpFoundation] Deprecate extending some methods
* 3.1:
[FrameworkBundle] Check for class existence before is_subclass_of
Update GroupSequence.php
Code enhancement and cleanup
[Form] Fix transformer tests after the ICU update
[DI] Add anti-regression test
Revert "minor #19689 [DI] Cleanup array_key_exists (ro0NL)"
bumped Symfony version to 3.1.5
updated VERSION for 3.1.4
updated CHANGELOG for 3.1.4
bumped Symfony version to 2.8.11
updated VERSION for 2.8.10
updated CHANGELOG for 2.8.10
[BrowserKit] Fix cookie expiration on 32 bit systems
bumped Symfony version to 2.7.18
updated VERSION for 2.7.17
update CONTRIBUTORS for 2.7.17
updated CHANGELOG for 2.7.17
Update misleading comment about RFC4627
* 2.8:
[FrameworkBundle] Check for class existence before is_subclass_of
Update GroupSequence.php
Code enhancement and cleanup
[Form] Fix transformer tests after the ICU update
[DI] Add anti-regression test
Revert "minor #19689 [DI] Cleanup array_key_exists (ro0NL)"
bumped Symfony version to 2.8.11
updated VERSION for 2.8.10
updated CHANGELOG for 2.8.10
[BrowserKit] Fix cookie expiration on 32 bit systems
bumped Symfony version to 2.7.18
updated VERSION for 2.7.17
update CONTRIBUTORS for 2.7.17
updated CHANGELOG for 2.7.17
Update misleading comment about RFC4627
* 2.7:
[FrameworkBundle] Check for class existence before is_subclass_of
Update GroupSequence.php
Code enhancement and cleanup
[DI] Add anti-regression test
Revert "minor #19689 [DI] Cleanup array_key_exists (ro0NL)"
[BrowserKit] Fix cookie expiration on 32 bit systems
bumped Symfony version to 2.7.18
updated VERSION for 2.7.17
update CONTRIBUTORS for 2.7.17
updated CHANGELOG for 2.7.17
Update misleading comment about RFC4627
This PR was merged into the 2.7 branch.
Discussion
----------
Update misleading comment about RFC4627
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
RFC 4627 does not dictate escaping of HTML special characters
Commits
-------
72b6c9e Update misleading comment about RFC4627
* 3.1:
[travis] Use 7.0 until 7.1 is fixed
[DIC] Fix service autowiring inheritance
[Serializer] Fix denormalization of arrays
[SecurityBundle] Add missing deprecation notice for form_login.intention
Verify explicitly that the request IP is a valid IPv4 address
[WebProfilerBundle] replaces tabs characters by spaces.
* 2.8:
[travis] Use 7.0 until 7.1 is fixed
[DIC] Fix service autowiring inheritance
[SecurityBundle] Add missing deprecation notice for form_login.intention
Verify explicitly that the request IP is a valid IPv4 address
* 3.1:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[PropertyInfo] Fix an error in PropertyInfoCacheExtractor
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Use try-finally where it possible
[DependencyInjection] ContainerBuilder: Remove obsolete definitions
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
[Cache] Handle unserialize() failures gracefully
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
* 2.8:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
* 2.7:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
* 3.1:
[VarDumper] Fix dumping jsons casted as arrays
PassConfig::getMergePass is not an array
Revert "bug #19114 [HttpKernel] Dont close the reponse stream in debug (nicolas-grekas)"
[Serializer] Include the format in the cache key
Fix the retrieval of the last username when using forwarding
[Yaml] Fix PHPDoc of the Yaml class
[HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
Update getAbsoluteUri() for query string uris
Conflicts:
src/Symfony/Component/DependencyInjection/Compiler/PassConfig.php
src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
* 3.0:
[VarDumper] Fix dumping jsons casted as arrays
PassConfig::getMergePass is not an array
Revert "bug #19114 [HttpKernel] Dont close the reponse stream in debug (nicolas-grekas)"
Fix the retrieval of the last username when using forwarding
[Yaml] Fix PHPDoc of the Yaml class
[HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
Update getAbsoluteUri() for query string uris
Conflicts:
src/Symfony/Component/Yaml/Yaml.php
* 2.8:
[VarDumper] Fix dumping jsons casted as arrays
PassConfig::getMergePass is not an array
Revert "bug #19114 [HttpKernel] Dont close the reponse stream in debug (nicolas-grekas)"
Fix the retrieval of the last username when using forwarding
[Yaml] Fix PHPDoc of the Yaml class
[HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
Update getAbsoluteUri() for query string uris
* 2.7:
[VarDumper] Fix dumping jsons casted as arrays
PassConfig::getMergePass is not an array
Revert "bug #19114 [HttpKernel] Dont close the reponse stream in debug (nicolas-grekas)"
Fix the retrieval of the last username when using forwarding
[Yaml] Fix PHPDoc of the Yaml class
[HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
Update getAbsoluteUri() for query string uris
This PR was squashed before being merged into the 3.2-dev branch (closes#19322).
Discussion
----------
[HttpFoundation] Add Request::isMethodIdempotent method
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Addd a new method in the spirit of `isMethodSafe` to know if the current method is idempotent according to RFCs.
Commits
-------
44df6a4 [HttpFoundation] Add Request::isMethodIdempotent method
* 3.1: (22 commits)
[travis] Fix deps=low/high builds
[Form] Fix depreciation triggers
fixed CS
skip test with current phpunit bridge
Fix for #19183 to add support for new PHP MongoDB extension in sessions.
[Console] Fix for block() padding formatting after #19189
[Security][Guard] check if session exist before using it
bumped Symfony version to 3.1.3
updated VERSION for 3.1.2
updated CHANGELOG for 3.1.2
bumped Symfony version to 3.0.9
updated VERSION for 3.0.8
updated CHANGELOG for 3.0.8
bumped Symfony version to 2.8.9
updated VERSION for 2.8.8
updated CHANGELOG for 2.8.8
bumped Symfony version to 2.7.16
updated VERSION for 2.7.15
update CONTRIBUTORS for 2.7.15
updated CHANGELOG for 2.7.15
...
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 3.0:
[travis] Fix deps=low/high builds
fixed CS
skip test with current phpunit bridge
Fix for #19183 to add support for new PHP MongoDB extension in sessions.
[Console] Fix for block() padding formatting after #19189
[Security][Guard] check if session exist before using it
bumped Symfony version to 3.0.9
updated VERSION for 3.0.8
updated CHANGELOG for 3.0.8
bumped Symfony version to 2.8.9
updated VERSION for 2.8.8
updated CHANGELOG for 2.8.8
bumped Symfony version to 2.7.16
updated VERSION for 2.7.15
update CONTRIBUTORS for 2.7.15
updated CHANGELOG for 2.7.15
Fix some lowest deps
Fixed typos in the expectedException annotations
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Guard/Authenticator/AbstractFormLoginAuthenticator.php
* 2.8:
[travis] Fix deps=low/high builds
fixed CS
skip test with current phpunit bridge
Fix for #19183 to add support for new PHP MongoDB extension in sessions.
[Console] Fix for block() padding formatting after #19189
[Security][Guard] check if session exist before using it
bumped Symfony version to 2.8.9
updated VERSION for 2.8.8
updated CHANGELOG for 2.8.8
bumped Symfony version to 2.7.16
updated VERSION for 2.7.15
update CONTRIBUTORS for 2.7.15
updated CHANGELOG for 2.7.15
Fix some lowest deps
Fixed typos in the expectedException annotations
Conflicts:
CHANGELOG-2.7.md
CHANGELOG-3.0.md
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/HttpKernel/composer.json
src/Symfony/Component/Yaml/Tests/ParserTest.php
* 2.7:
[travis] Fix deps=low/high builds
fixed CS
Fix for #19183 to add support for new PHP MongoDB extension in sessions.
bumped Symfony version to 2.7.16
updated VERSION for 2.7.15
update CONTRIBUTORS for 2.7.15
updated CHANGELOG for 2.7.15
Fixed typos in the expectedException annotations
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
* 3.1:
fixed CS
fixed CS
fixed CS
fixed form tests
[Console] Fix formatting of SymfonyStyle::comment()
[Form] fix post max size translation type extension for >= 2.8
[Security] Allow LDAP loadUser override
removed dots at the end of @param and @return
fixed typo
* 3.0:
fixed CS
fixed CS
fixed form tests
[Console] Fix formatting of SymfonyStyle::comment()
[Form] fix post max size translation type extension for >= 2.8
removed dots at the end of @param and @return
fixed typo
* 2.8:
fixed CS
fixed form tests
[Console] Fix formatting of SymfonyStyle::comment()
[Form] fix post max size translation type extension for >= 2.8
removed dots at the end of @param and @return
fixed typo
This PR was squashed before being merged into the 3.2-dev branch (closes#19104).
Discussion
----------
Adds support for the SameSite attribute in cookies.
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
$sameSite can be set to false, "lax", or "strict".
You can read about what the different modes do here: http://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
Commits
-------
428d0f7 Adds support for the SameSite attribute in cookies.
* 3.1:
fixed CS
fixed CS
fixed CS
fixed CS
tweaked default CS fixer config
[HttpKernel] Dont close the output stream in debug
move HttpKernel component to require section
Fixed oci and sqlsrv merge queries when emulation is disabled - fixes#17284
[Session] fix PDO transaction aborted under PostgreSQL
[Console] Use InputInterface inherited doc as possible
Mention generating absolute urls in UPGRADE files and CHANGELOG
parse embedded mappings only if value is a string
add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support
FormBuilderInterface: fix getForm() return type.
[YAML] Fixed parsing problem with nested DateTime lists
Fixed typo in PHPDoc
* 3.0:
fixed CS
fixed CS
fixed CS
tweaked default CS fixer config
[HttpKernel] Dont close the output stream in debug
move HttpKernel component to require section
Fixed oci and sqlsrv merge queries when emulation is disabled - fixes#17284
[Session] fix PDO transaction aborted under PostgreSQL
[Console] Use InputInterface inherited doc as possible
Mention generating absolute urls in UPGRADE files and CHANGELOG
add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support
FormBuilderInterface: fix getForm() return type.
Fixed typo in PHPDoc
* 2.8:
fixed CS
fixed CS
tweaked default CS fixer config
[HttpKernel] Dont close the output stream in debug
move HttpKernel component to require section
Fixed oci and sqlsrv merge queries when emulation is disabled - fixes#17284
[Session] fix PDO transaction aborted under PostgreSQL
[Console] Use InputInterface inherited doc as possible
Mention generating absolute urls in UPGRADE files and CHANGELOG
add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support
FormBuilderInterface: fix getForm() return type.
Fixed typo in PHPDoc
* 2.7:
fixed CS
tweaked default CS fixer config
[HttpKernel] Dont close the output stream in debug
move HttpKernel component to require section
Fixed oci and sqlsrv merge queries when emulation is disabled - fixes#17284
[Session] fix PDO transaction aborted under PostgreSQL
[Console] Use InputInterface inherited doc as possible
add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support
FormBuilderInterface: fix getForm() return type.
Fixed typo in PHPDoc
