This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Fix Request::getHost() when having several hosts in X_FORWARDED_HOST
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The first "host" in the list provided by `X_FORWARDED_HOST` should be the one, not the last.
Already the case for "port" and "scheme".
Commits
-------
9a2b2de64f [HttpFoundation] Fix Request::getHost() when having several hosts in X_FORWARDED_HOST
* 2.3:
[ci] use hirak/prestissimo
[Filesystem] Fix transient tests
[HttpFoundation] Avoid warnings when checking malicious IPs
[HttpFoundation] Set the Content-Range header if the requested Range is unsatisfied
Conflicts:
appveyor.yml
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
* 2.3:
[HttpFoundation] Fix transient test
[HttpFoundation] Add a dependency on the mbstring polyfill
add readme files where missing
Don't use reflections when possible
[Form] Update form tests after the ICU data update
[Intl] Update tests and the number formatter to match behaviour of the intl extension
[Intl] Update the ICU data to version 55
[Intl] Fix the update-data.php script in preparation for ICU 5.5
Use constant instead of function call.
fixed test name
automatically generate safe fallback filename
Conflicts:
src/Symfony/Component/Debug/Debug.php
src/Symfony/Component/HttpFoundation/composer.json
src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
* 2.3:
[DomCrawler] Dont use LIBXML_PARSEHUGE by default
[Filesystem] Reduce complexity of ->remove()
added tests for non-trusted proxies
add 'guid' to list of exception to filter out
Ensure backend slashes for symlinks on Windows systems
[Filesystem] Try to delete broken symlinks
* 2.3:
[Request] Ignore invalid IP addresses sent by proxies
Able to load big xml files with DomCrawler
fixed typo
[Form] Fix constraints could be null if not set
[Finder] Check PHP version before applying a workaround for a PHP bug
fixed CS
sort bundles in config:dump-reference command
Fixer findings.
* 2.3:
[Process] Remove a misleading comment
Improve the phpdoc of SplFileInfo methods
[Process] Use stream based storage to avoid memory issues
Fixed the documentation of VoterInterface::supportsAttribute
Remove useless duplicated tests
[FrameworkBundle] Optimize framework extension tests
Use is_subclass_of instead of Reflection when possible
* 2.3:
[travis] timeout the sigchild tests at 60s
CS: Single line comments should use double slashes (//) and not hash (#).
Do not use HttpKernel Extension when not needed
bumped Symfony version to 2.3.37
updated VERSION for 2.3.36
update CONTRIBUTORS for 2.3.36
updated CHANGELOG for 2.3.36
use nowdoc instead of heredoc
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ConfigDumpReferenceCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/RouterApacheDumperCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/RouterMatchCommand.php
src/Symfony/Bundle/FrameworkBundle/Translation/Translator.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Config/Tests/Definition/Dumper/YamlReferenceDumperTest.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Routing/Generator/Dumper/PhpGeneratorDumper.php
* 2.3:
Fix undefined array $server
[ProxyManager] Tmp fix composer reqs issue in ZF
Add missing exclusions from phpunit.xml.dist
Fix the server variables in the router_*.php files
[Validator] Allow an empty path with a non empty fragment or a query
The following change adds support for Armenian pluralization.
[2.3][Process] fix Proccess run with pts enabled
Conflicts:
composer.json
src/Symfony/Bridge/ProxyManager/composer.json
src/Symfony/Bundle/DebugBundle/phpunit.xml.dist
src/Symfony/Component/Security/phpunit.xml.dist
* 2.6:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.3:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[2.6] Static Code Analysis for Components and Bundles
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
Remove duplicate example
Remove var not used due to returning early (introduced in 8982c32)
Enhance hhvm test skip message
* 2.3:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
Remove var not used due to returning early (introduced in 8982c32)
Enhance hhvm test skip message
* 2.6:
[Validator] remove partial deprecation annotation
Updated UPGRADE-2.4.md
[Form] Support DateTimeImmutable in transform()
[Form] add test to avoid regression of #14891
without this change allways the legacy code get called
[Form] Fix call to removed method (BC broken in 2.3)
[HttpFoundation] Get response content as resource several times for PHP >= 5.6
Improved duplicated code in FileLocator
* 2.3:
[Form] Support DateTimeImmutable in transform()
[Form] Fix call to removed method (BC broken in 2.3)
[HttpFoundation] Get response content as resource several times for PHP >= 5.6
Improved duplicated code in FileLocator