This PR was merged into the 2.3 branch.
Discussion
----------
Fix XSS in Debug exception handler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This XSS issue has been reported to security@symfony.com but after discussing this issue, we decided to treat it as a regular bug as the debug mode **must** never be enabled on production servers (as it can leak much sensitive information coming from arguments displayed in the stack trace for instance -- even more information is leaked when used with the Symfony full-stack framework).
Commits
-------
1af6a9e fixed XSS in the exception handler
This PR was merged into the 2.3 branch.
Discussion
----------
[travis] Test with local components instead of waiting for the subtree-splitter when possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Should be ready - a first step that allows testing PR with the proposed patch. Works only when deps are resolved to the same branch. But this opens the way for further improvements.
Commits
-------
f885b9b Test with local components instead of waiting for the subtree-splitter when possible
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Remove most refs uses
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13813
| License | MIT
| Doc PR | -
Removes some references usages. They are error prone, and trigger too many copies-on-writes.
Commits
-------
8862705 [2.3] Remove most refs uses
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] static code analysis across codebase
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with <a href="https://plugins.jetbrains.com/plugin/7622?pr=phpStorm">Php Inspections (EA Extended)</a>, no functional changes:
- Reduce couple count calls in an array dump function [Yaml]
- Modernize type casting, fix several strict comparisons on the way
- Unsets merged
- Elvis operator usage (couple more cases)
- Short syntax for applied operations
PS: I didn't try merging these changes into 2.6, expecting conflicts in the case.
Commits
-------
9682756 Php Inspections (EA Extended) - static code analysis includes:
Reduce couple count calls in [Yaml]
Modernize type casting, fix several strict comparisons
Unsets merged
Elvis operator usage
Short syntax for applied operations
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes #13839).
Discussion
----------
[Validator] Added missing galician (gl) translations
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
ec11915 [Validator] Added missing galician (gl) translations
This PR was merged into the 2.3 branch.
Discussion
----------
[travis] Tests Security sub-components
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Previous PR has been merged too fast :)
Commits
-------
16cdcf2 [travis] Tests Security sub-components
This PR was squashed before being merged into the 2.3 branch (closes #13727).
Discussion
----------
CS fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Commits
-------
7fd6ba0 CS fixes
This PR was merged into the 2.3 branch.
Discussion
----------
[travis] test with php nightly
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
213cabc [travis] test with php nightly
This PR was merged into the 2.3 branch.
Discussion
----------
minor #13377 [Console] Change greater by greater or equal for isFresh in FileResource
| Q | A
| ------------- | ---
| Fixed tickets | #13377
| License | MIT
FileResource and tests update
Commits
-------
87800ae minor #13377 [Console] Change greater by greater or equal for isFresh in FileResource
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [HttpFoundation] fixed param order for Nginx's x-accel-mapping
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | kinda
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13502
| License | MIT
| Doc PR | n/a
Inverted path and location directives for x-accel-mapping header (fixes #13502).
Before:
```proxy_set_header X-Accel-Mapping /internal/=/var/www/example.com/```
After:
```proxy_set_header X-Accel-Mapping /var/www/example.com/=/internal/```
It could be a BC break since the response will fail if someone sends this header
honoring the previous signature, thus I need some feedback in order to choose the right branch for this change.
Commits
-------
9f9f230 [2.3] [HttpFoundation] fixed param order for Nginx's x-accel-redirect
This PR was squashed before being merged into the 2.3 branch (closes #13769).
Discussion
----------
[Form] NativeRequestHandler file handling fix
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13746
| License | MIT
| Doc PR | n/a
`NativeRequestHandler` reused the local variable for the form name `$name` as a loop variable for processing the `$_FILES` array. A separate variable is now used.
Two new test cases are included:
- Handling a request with multiple files
- Handling a request with file upload and a nameless form
Both tests fail without the fix. The test cases could probably be better though.
Commits
-------
9b3421f [Form] NativeRequestHandler file handling fix
This PR was merged into the 2.3 branch.
Discussion
----------
Enforce UTF-8 charset for core controllers
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7532
| License | MIT
| Doc PR | -
See https://github.com/symfony/symfony/issues/7617 and https://github.com/symfony/symfony/pull/7532 for the context of this PR.
Commits
-------
3032014 Enforce UTF-8 charset for core controllers
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes #13683).
Discussion
----------
[PROCESS] make sure /dev/tty is readable
When using Process from Web-SAPI it is likely that the webserver user
doesn't have rights to use /dev/tty
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13261
| License | MIT
| Doc PR | -
Commits
-------
935afe6 [PROCESS] make sure /dev/tty is readable
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][FrameworkBundle] Fixed Shell logo
This PR fixes #12565.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
d7f008d [FrameworkBundle] Fixed Shell logo
This PR was squashed before being merged into the 2.3 branch (closes #13733).
Discussion
----------
[2.3][Process] Fixed PhpProcess::getCommandLine() result
The `PhpProcess::getCommandLine()` returns `null` if `PhpProcess::start()` was not called.
```php
$process = new PhpProcess(<<<PHP
<?php echo "foobar";
PHP
);
$process->getCommandLine(); // return null
$process->start();
$process->getCommandLine(); // return the PHP binary path
```
This PR fixes the problem.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | -
Commits
-------
d0f1d32 [2.3][Process] Fixed PhpProcess::getCommandLine() result
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] assertion for ArgvInput::getFirstArgument() with no arguments
| Q | A
| ------------- | ---
| Bug fix? | [no]
| New feature? | [no]
| BC breaks? | [no]
| Deprecations? | [no]
| Tests pass? | [yes]
| License | MIT
Commits
-------
11b2a9b [Console] explicit assertion for ArgvInput::getFirstArgument() with no arguments