* 2.7:
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
return fallback locales whenever possible
* 2.7:
[Routing] Fix XmlFileLoader exception message
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
Reset redirectCount when throwing exception
[TwigBundle] Remove template.xml services when templating is disabled
add content-type header on exception response
Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
Fix two edge cases in ResponseCacheStrategy
[Routing] Expose request in route conditions, if needed and possible
[Routing] Expose request in route conditions, if needed and possible
[Translation][FrameworkBundle] Fix resource loading order inconsistency reported in #23034
[Filesystem] added workaround in Filesystem::rename for PHP bug
Add tests for ResponseCacheStrategy to document some more edge cases
[HttpFoundation] added missing docs
fixes#21606
[VarDumper] fixes
[Security] fix switch user _exit without having current token
* 2.7:
[Validator] phpize default option values
test for the Validator component to be present
[DependencyInjection] Fix on-invalid attribute type in xsd
[FrameworkBundle] Fix PHP form templates on translatable attributes
[VarDumper] Fix dumping by-ref variadics
* 2.7:
[Form] Fix typo in doc comment
[Config] Handle open_basedir restrictions in FileLocator
[bugfix] [Console] Set `Input::$interactive` to `false` when command is executed with `--quiet` as verbosity level
Use JSON_UNESCAPED_SLASHES for lint commands output
Fixed collapsed ChoiceType options attributes
Fixed the nullable support for php 7.1 and below
* 2.7:
[FrameworkBundle] Fix Incorrect line break in exception message (500 debug page)
Minor cleanups and improvements
[form] lazy trans `post_max_size_message`.
[DI] Fix setting synthetic services on ContainerBuilder
[ClassLoader] Fix ClassCollectionLoader inlining with declare(strict_types=1)
* 2.7:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
* 2.7:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
* 2.7:
[CS] Respect PSR2 4.2
[Form] fix `empty_data` option in expanded `ChoiceType`
[Console] removed unneeded private methods
sync min email validator version
[TwigBridge] Fix inconsistency in LintCommand help
explicitly forbid e-mail validator 2.0 or higher
Fixed SymfonyQuestionHelper multi-choice with defaults
[DoctrineBridge] Don't use object IDs in DoctrineChoiceLoader when passing a value closure
Differentiate between the first time a progress bar is displayed and subsequent times
finished previous commit
No more exception for malformed input name
fix post_max_size_message translation
[Process] Fix pipes cleaning on Windows
Avoid phpunit 5.4 warnings on getMock
[Form] Add exception to FormRenderer about non-unique block names
[Form] Consider a violation even if the form is not submitted
* 2.7:
[HttpFoundation] Use UPSERT for sessions stored in PgSql >= 9.5
[Console] fixed PHPDoc
[travis] HHVM 3.12 LTS
Fix feature detection for IE
[Form] Fixed collapsed choice attributes
[Console] added explanation of messages usage in a progress bar
force enabling the external XML entity loaders
[Yaml] properly count skipped comment lines
Conflicts:
src/Symfony/Component/Translation/Loader/XliffFileLoader.php
* 2.7:
[ci] Get ICU/intl from github instead of nebm.ist.utl.pt/~glopes
[Debug] Fix case sensitivity checks
[Debug] Fix handling of php7 throwables
fix high deps tests
[Process] remove dead code
[WebProfilerBundle] Add missing use statement.
[ClassLoader] Fix storing not-found classes in APC cache
[Form] cs fixes in date types
[phpunit] disable prophecy
* 2.7:
Update twig.html.twig
[2.7] [FrameworkBundle] minor fix tests added by #17569
fixed CS
fixed CS
documented the $url parameter better
[Form] add test for ArrayChoiceList handling null
[Form] fix edge cases with choice placeholder
register commands from kernel when accessing list
Update FileSystem
* 2.7:
[Routing] added a suggestion to add the HttpFoundation component.
[travis] Add some comments
changed operator from and to &&
Fixed the Bootstrap form theme for inlined checkbox/radio
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget_collapsed.html.php
* 2.3:
[travis] Add some comments
changed operator from and to &&
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget_collapsed.html.php
* 2.7:
[Console] Add missing `@require` annotation in test
Fix merge
[appveyor] Fix failure reporting
[#17634] move DebugBundle license file
backport GlobTest from 2.7 branch
Move licenses according to new best practices
[FrameworkBundle] Remove unused code in test
[2.3] Fixed an undefined variable in Glob::toRegex
simplified a test
fix container cache key generation
[Form] fix option name in changelog
[Translation] Add resources from fallback locale
[DependencyInjection] enforce tags to have a name
[YAML] Refine the return value of Yaml::parse()
Conflicts:
src/Symfony/Component/DependencyInjection/Tests/Loader/YamlFileLoaderTest.php
* 2.7:
fixed CS
[BrowserKit] Corrected HTTP_HOST logic #15398
resolve aliases in factories
resolve aliases in factory services
Remove invalid CSS white-space value
Fix FileSystem tests on Windows
[Form] ArrayChoiceList can now deal with a null in choices