This PR was merged into the 2.7 branch.
Discussion
----------
[WebProfilerBundle] Normalize whitespace in exceptions passed in headers
| Q | A
| ------------- | ---
| Branch? | 2.7 upwards
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22072
| License | MIT
If an exception was thrown with line separators in its message the WebProfiler would cause an exception by passing it through unsanitized into the X-Debug-Error HTTP header. This commit fixes that by replacing all whitespace sequences with a single space in the header.
Commits
-------
d64679014b [WebProfilerBundle] Normalize whitespace in exceptions passed in headers
If an exception was thrown with line separators in its message the
WebProfiler would cause an exception by passing it through unsanitized
into the X-Debug-Error HTTP header. This commit fixes that by replacing
all whitespace sequences with a single space in the header.
This PR was merged into the 2.7 branch.
Discussion
----------
[WebProfilerBundle] add dependency on Twig
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20802
| License | MIT
| Doc PR |
Requiring a specific minimum version of the TwigBridge just to be sure
that we end up with the required Twig version does not make much sense
if can simply specify the required version instead (we do in fact depend
on Twig in the WebProfilerBundle).
Commits
-------
91689a7 add dependency on Twig
Requiring a specific minimum version of the TwigBridge just to be sure
that we end up with the required Twig version does not make much sense
if can simply specify the required version instead (we do in fact depend
on Twig in the WebProfilerBundle).
* 2.3:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
call get() after the container was compiled
Fixed readme of OptionsResolver
* 2.3:
[HttpFoundation] Fix transient test
[HttpFoundation] Add a dependency on the mbstring polyfill
add readme files where missing
Don't use reflections when possible
[Form] Update form tests after the ICU data update
[Intl] Update tests and the number formatter to match behaviour of the intl extension
[Intl] Update the ICU data to version 55
[Intl] Fix the update-data.php script in preparation for ICU 5.5
Use constant instead of function call.
fixed test name
automatically generate safe fallback filename
Conflicts:
src/Symfony/Component/Debug/Debug.php
src/Symfony/Component/HttpFoundation/composer.json
src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
This PR was squashed before being merged into the 2.7 branch (closes#17744).
Discussion
----------
Improve error reporting in router panel of web profiler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17342
| License | MIT
| Doc PR | -
### Problem
If you define a route condition like this:
```yaml
app:
resource: '@AppBundle/Controller/'
type: annotation
condition: "request.server.get('HTTP_HOST') matches '/.*\.dev/'"
```
When browsing the Routing panel in the web profiler, you see an exception:
![problem](https://cloud.githubusercontent.com/assets/73419/12930027/553eeb08-cf76-11e5-90b1-ab0de6175d4e.png)
#### Why?
Because the route condition uses the `request` object, but the special `TraceableUrlMatcher` class doesn't get access to the real `request` object but to the special object obtained via:
```php
$request = $profile->getCollector('request');
```
These are the contents of this pseudo-request:
![cause](https://cloud.githubusercontent.com/assets/73419/12930052/804ea248-cf76-11e5-9c38-2e43e1654065.png)
`request.server.get(...)` condition fails because `request.server` is `null`. The full exception message shows this:
![exception](https://cloud.githubusercontent.com/assets/73419/12930079/9c7d6058-cf76-11e5-8eeb-45f5059c824c.png)
### Solution
I propose to catch all exceptions in `TraceableUrlMatcher` and display an error message with some details of the exception:
![error_message](https://cloud.githubusercontent.com/assets/73419/12930106/b29e31d2-cf76-11e5-868c-98d8b0cc4e5b.png)
Commits
-------
1001554 Improve error reporting in router panel of web profiler
Replace base64 template icon with svg version. If you set the Content-Security-Policy you would need to provide "img-src 'self' data:;" just for that icon (or get an error in the console). This should be fixed in the new version of the toolbar but it would be nice to have a fix for 2.7 LTS too.
This PR was merged into the 2.3 branch.
Discussion
----------
Remove invalid CSS white-space value
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
03d3182 Remove invalid CSS white-space value
This PR was merged into the 2.3 branch.
Discussion
----------
Static code analysis
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Things that done:
* fix case in method calls
* removed unused imports
* use shorter concat where it possible
* optimize some css
* removed duplicated array keys
* removed redurant return statements
* removed one-time variables
* do not pass arguments that not used in functions
Commits
-------
8db691a Static code analysis
* 2.3:
fixed undefined variable
Fixed the phpDoc of UserInterface
fixed APCu dep version
Added support for the `0.0.0.0/0` trusted proxy
[DoctrineBridge][Validator] >= 2.3 Pass association instead of ID as argument
[HttpKernel] Lookup the response even if the lock was released after 2 seconds