This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#7149).
Commits
-------
0c25d41 Expanded fault-tolerance for unusual cookie dates
Discussion
----------
Expanded fault-tolerance for unusual cookie dates
Building on pull #1793, this resolves situations where the Cookie's date field uses a numeric month. Also, expanding on the 7 most typical formats we fall-back to date_create() before throwing an exception.
---------------------------------------------------------------------------
by vicb at 2013-02-21T17:30:28Z
Please add some unit tests for the new formats.
---------------------------------------------------------------------------
by ecaron at 2013-02-21T18:06:46Z
Sorry for neglecting the unit tests, they've been updated (2 matching new common date formats, 1 uncommon date format, and changing the existing bad-date check to be more realistically bad.)
I also changed from strtotime to date_create to match the existing DateTime::createFromFormat check (although in my cookiejar analysis leading to this pull requests, all the cookies I'd encountered had timezones in them.) I'm using date_create vs. constructing a DateTime so I can immediately rely on the return value.
---------------------------------------------------------------------------
by ecaron at 2013-02-21T18:21:03Z
@vicb The two Travis failures are against the master branch unrelated to my changes. Should I retarget this pull against 2.3, or what would you advise to get this pull accepted?
---------------------------------------------------------------------------
by vicb at 2013-02-21T19:40:59Z
The Travis failure come for a bug in PHPUnit (there is a Sf issue for that).
There is no 2.3 branch yet (devs happen in master).
@fabpot will decide wether this should be considered a a fix (and merge to former releases) or an enhancement which will be merged to 2.3.
_(Could you please update the PR header which still refers to strtotime, thanks)_
---------------------------------------------------------------------------
by fabpot at 2013-02-21T21:37:15Z
This should probably go into 2.0. Also, do you have a reference where those 7 formats are explained/described?
---------------------------------------------------------------------------
by ecaron at 2013-02-21T23:10:38Z
@fabpot I couldn't find a reference because the cookies that we're addressing are ones that are behaving outside the spec (at least what I understand from http://curl.haxx.se/rfc/cookie_spec.html), as pull #1793 began to address and this continues. The cases that I've added are ones that I have encountered over the weeks of using BrowserKit and Goutte.
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#7151).
Commits
-------
766e987 Fix docblock type
Discussion
----------
Fix docblock type
This PR was merged into the 2.0 branch.
Commits
-------
f8812b2 [Form] Fixed "label" option to accept the value "0"
Discussion
----------
[Form] Fixed "label" option to accept the value "0"
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6862
| License | MIT
| Doc PR | -
@fabpot: This commit will cause troubles when merging 2.0 into 2.1 and up. Tell me if you need help upon conflict resolution.
This PR was squashed before being merged into the master branch (closes#5838).
Commits
-------
201f3e6 [Form] Fixed cannot unset string offsets in CsrfValidationListener
Discussion
----------
[Form] Fixed cannot unset string offsets in CsrfValidationListener
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
A php fatal error is happening when someone rewrite the entire form data for an object with a single input.
```
Fatal error: Cannot unset string offsets in vendor/symfony/symfony/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php on line 72
```
Example:
```html
<form action="/app_dev.php/post/create" method="post" >
<div id="posttype">
<div>
<label for="posttype_name" class="required">Name</label>
<input type="text" id="posttype_name" name="posttype[name]" required="required" maxlength="255" />
</div>
<div>
<label for="posttype_text" class="required">Text</label>
<textarea id="posttype_text" name="posttype[text]" required="required"></textarea>
</div>
<input type="hidden" id="posttype__token" name="posttype[_token]" value="83a1617c694fbdea43c2527f1a55c7419ce82a42" /></div>
<p>
<button type="submit">Create</button>
</p>
</form>
```
If someone alters the html to add a simple input at the bottom of the form like this one:
```html
<input type="text" id="posttype" name="posttype" value="test123" />
```
The result will be a php fatal error.
---------------------------------------------------------------------------
by bschussek at 2012-10-26T09:49:05Z
Thank you for the pull request! Could you please reference the pull request in the test?
```php
// https://github.com/symfony/symfony/pull/5838
public function testStringFormData()
{
...
```
---------------------------------------------------------------------------
by jfcixmedia at 2012-10-26T10:21:29Z
@bschussek Added, thanks.
This PR was merged into the 2.1 branch.
Commits
-------
3e40c17 [HttpKernel] fixed locale management when exiting sub-requests
Discussion
----------
[HttpKernel] fixed locale management when exiting sub-requests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7063
| License | MIT
| Doc PR | n/a
This fix is temporary as #7007 will fix it properly in Symfony 2.3.
---------------------------------------------------------------------------
by vicb at 2013-02-17T20:17:44Z
changelog ?
---------------------------------------------------------------------------
by fabpot at 2013-02-17T20:27:22Z
The changelogs are updated when we release a new version only.
---------------------------------------------------------------------------
by stof at 2013-02-17T20:41:00Z
@fabpot the intl locale should be reset to the right value too
---------------------------------------------------------------------------
by stof at 2013-02-17T20:42:31Z
hmm sorry, I missed the fact that you are changing the locale in the Request again, which will set the intl one
This PR was merged into the 2.0 branch.
Commits
-------
179cd58 [Process] Fix regression introduced in #6620 / 880da01c49, fixes#7082
Discussion
----------
[Process][2.0] getcwd failure fix
Fix regression introduced in #6620Fixes#7082
For reference, here is the current behavior I saw:
PHP 5.4.11, windows:
```
5.4.11\php.exe -r "chdir('c:\\'); var_dump(getcwd()); $p = proc_open('pwd', [['pipe', 'r'], ['pipe', 'w'], ['pipe', 'w']], $pipes, null); var_dump(stream_get_contents($pipes[1]));"
string(3) "C:\\"
string(14) "/c/Users/seld\n"
```
(I use pwd which is a unix util so it dumps a funny path, but don't look at that)
PHP 5.5alpha4, windows (seems fixed):
```
5.5.0a4\php.exe -r "chdir('c:\\'); var_dump(getcwd()); $p = proc_open('pwd', [['pipe', 'r'], ['pipe', 'w'], ['pipe', 'w']], $pipes, null); var_dump(stream_get_contents($pipes[1]));"
string(3) "C:\"
string(3) "/c\n"
```
PHP 5.3.10, ubuntu:
```
php -r "chdir('/'); var_dump(getcwd()); \$p = proc_open('pwd', array(array('pipe', 'r'), array('p
ipe', 'w'), array('pipe', 'w')), \$pipes, null); var_dump(stream_get_contents(\$pipes[1]));"
string(1) "/"
string(2) "/\n"
```
Since the permission issue that #6620 originally was fixing is most likely not gonna happen on windows, this seems like a safe enough compromise. Ideally a check for PHP<5.5 should be introduced, but I would like to be sure it's been fixed and is not just a lucky coincidence (/cc @PierreJoye)
I would recommend merging fast and maybe adding the version check later, since it breaks composer create-project on windows. The workaround being: cd in the dir and run `composer install` again to finalize the project setup.
---------------------------------------------------------------------------
by vicb at 2013-02-17T20:12:17Z
Thanks @Seldaek !
Would you mind creating an issue for the version check so that it doesn't get lost ?
---------------------------------------------------------------------------
by Seldaek at 2013-02-18T10:43:56Z
@vicb done.
---------------------------------------------------------------------------
by vicb at 2013-02-18T11:45:16Z
thanks !
This PR was merged into the 2.1 branch.
Commits
-------
18b139d [FrameworkBundle] tweaked reference dumper command (see #7093)
Discussion
----------
[FrameworkBundle] tweaked reference dumper command (see #7093)
The same as #7093 just for 2.1.
This PR was submitted for the 2.2 branch but it was merged into the 2.1 branch instead (closes#7092).
Commits
-------
187645f Fix REMOTE_ADDR for cached subrequests
Discussion
----------
[HttpKernel/HttpCache] Fix "REMOTE_ADDR" for cached subrequests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | none that I know of
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | 7091
| License | MIT
I moved the code that modifies the REMOTE_ADDR variable further up the chain so that cached subrequests also receive the local IP address. Before, only new subrequests received the local IP address and cached ones received the original IP, which made "validateRequest" in FragmentListener fail.
Please review. I'm not sure about side-effects of this patch, including possible security issues.
Fixes #7091
---------------------------------------------------------------------------
by bamarni at 2013-02-16T11:49:27Z
@fabpot rejected setting this on the master request, so you should do it on the ```forward()``` method instead.
---------------------------------------------------------------------------
by mweimerskirch at 2013-02-16T12:13:46Z
@bamarni @fabpot done
This PR was merged into the 2.1 branch.
Commits
-------
5e8d844 [Process] Warn user with a useful message when tmpfile() failed
Discussion
----------
[Process] Warn user with a useful message when tmpfile() failed
Simple warning so users know what's going on instead of getting a proc_open error, see composer/composer#1581.
Can't get the PR template since ~~symfony.com~~ my dns resolver is dead :)
This PR was merged into the 2.0 branch.
Commits
-------
4ce9ac3 [EventDispatcher] Added assertion.
Discussion
----------
[EventDispatcher] Added assertion
re #7023, I think it actually makes sense to add an assertion here. It reveals the intent of the test (listener is not removed).
---------------------------------------------------------------------------
by vicb at 2013-02-10T11:32:06Z
I don't think the assertion would fail with the former code, would it ?
---------------------------------------------------------------------------
by vicb at 2013-02-10T11:34:30Z
I mean an error would be generated even before the assertion.
---------------------------------------------------------------------------
by jakzal at 2013-02-10T11:37:05Z
Yes, it would fail before getting to the assertion with: *Object of class Closure could not be converted to int*.
However, this is something good to test for (and document - test is a documentation). We're not checking if type is taken into account in other tests. This test might still fail if code inside removeListener() changed.
---------------------------------------------------------------------------
by vicb at 2013-02-10T11:42:29Z
I don't really understand your point and think it is a bit useless here but I am not against your change - I don't argue that test is doc though.
---------------------------------------------------------------------------
by jakzal at 2013-02-10T15:38:09Z
Assertion is indeed useless for the bug you discovered and fixed. I think it's still worth to have it there for other reason:
* test readability and completeness - with an assertion it's more clear that we don't expect the listener to be removed with the `removeListener()` call if passed argument doesn't match the one added before
If you still don't see my point just close this PR :)
---------------------------------------------------------------------------
by vicb at 2013-02-10T17:34:35Z
What I mean is that you are unit testing php and it is not a job for sf. So it is not strictly required but as it doesn't hurt, let's merge your change.
Jakub Zalas <notifications@github.com> wrote:
>Assertion is indeed useless for the bug you discovered and fixed. I
>think it's still worth to have it there for other reason:
>* test readability and completeness - with an assertion it's more clear
>that we don't expect the listener to be removed with the
>`removeListener()` call if passed argument doesn't match the one added
>before
>
>If you still don't see my point just close this PR :)
>
>
>---
>Reply to this email directly or view it on GitHub:
>https://github.com/symfony/symfony/pull/7038#issuecomment-13351469
This PR was submitted for the 2.2 branch but it was merged into the 2.1 branch instead (closes#7034).
Commits
-------
1fdded5 [HttpKernel] added support for the X-Forwarded-For header (closes#6982, closes#7000)
be65d7c [HttpKernel] fixed the IP address in HttpCache when calling the backend
Discussion
----------
Make HttpCache behaves more like a real reverse proxy
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6982, #7000
| License | MIT
| Doc PR | n/a
---------------------------------------------------------------------------
by bendavies at 2013-02-10T00:55:29Z
Awesome, thanks Fabien. should this not target 2.0/2.1?
This PR was squashed before being merged into the 2.0 branch (closes#7023).
Commits
-------
87f3db7 [EventDispathcer] Fix removeListener
Discussion
----------
[EventDispathcer] Fix removeListener
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Todo
- [x] Add a UT
I won't have time to add a test before next Friday but this PR could save some debugging (especially with Silex & Closures)
---------------------------------------------------------------------------
by vicb at 2013-02-09T23:32:51Z
Probably related to https://bugs.php.net/bug.php?id=62976, I need to do some more investigation - I use 546. anyway the fix is valid for whatever php version.
---------------------------------------------------------------------------
by vicb at 2013-02-10T10:24:46Z
This **is** related to the PHP bug mentioned above, see http://3v4l.org/Q6WKj:
```
Output for 5.3.18 - 5.3.21, 5.4.8 - 5.5.0alpha4
bool(false)
Output for 5.3.0 - 5.3.17, 5.4.0 - 5.4.7
Notice: Object of class Klass could not be converted to int in /in/Q6WKj on line 9
Notice: Object of class Closure could not be converted to int in /in/Q6WKj on line 9
int(0)
```
@fabpot anything more needed to merge this ?
---------------------------------------------------------------------------
by fabpot at 2013-02-10T10:26:52Z
Is it possible to add a test?
---------------------------------------------------------------------------
by vicb at 2013-02-10T10:29:34Z
It is, for php versions < fixed version, I'll do that
---------------------------------------------------------------------------
by vicb at 2013-02-10T10:42:01Z
@fabpot ready Sir !
---------------------------------------------------------------------------
by vicb at 2013-02-10T10:44:35Z
well I can probably add an assert, please wait !
* 2.0:
[DependencyInjection] Allow frozen containers to be dumped to graphviz
Add dot character `.` to legal mime subtype regular expression
[HttpFoundation] fixed the creation of sub-requests under some circumstancies (closes#6923, closes#6936)
This PR was merged into the 2.0 branch.
Commits
-------
bd0ad92 [DependencyInjection] Allow frozen containers to be dumped to graphviz
Discussion
----------
[DependencyInjection] Allow frozen containers to be dumped to graphviz
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
This PR replaces #7010.
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#6119).
Commits
-------
3b9f763 [DI] Fix 'undefined index' error, when entering scope recursively
Discussion
----------
[DI] Fix 'undefined index' error, when entering scope recursively
Imagine two scopes:
```php
$container = new Container();
$container->addScope(new Scope('foo'));
$container->addScope(new Scope('bar', 'foo'));
```
Enter the same scope twice recursively:
```php
$container->enterScope('foo');
// not entering bar in between
$container->enterScope('foo');
// prints warning: undefined index: bar
// at Symfony/Component/DependencyInjection/Container.php:341
```
---------------------------------------------------------------------------
by fabpot at 2012-11-28T16:30:00Z
The problem exists, but the fix looks wrong to me. We should keep the scoped services even with nested scopes. Right now, and even after your patch, we loose some information.
---------------------------------------------------------------------------
by ludekstepan at 2012-11-28T16:38:05Z
I don't know how to fix properly, the patch above is just a workaround.
Without the patch, it's not possible to simply create a child scope of the "request" scope, because "enterScope" would fail upon every forward between "request" and nested "request" unless "bar" scope was entered prior to forward.
---------------------------------------------------------------------------
by stof at 2012-11-28T16:51:50Z
@fabpot why would it be wrong ? If the nested scope was not active when entering a subrequest, there is simply nothing to save
---------------------------------------------------------------------------
by stloyd at 2013-01-04T18:16:54Z
Any news about this one ? =)
---------------------------------------------------------------------------
by stof at 2013-01-04T18:22:58Z
@fabpot could you explain which info we are loosing ?
This PR was merged into the 2.1 branch.
Commits
-------
3615e19 [Security] fixed session creation on login (closes#7011)
Discussion
----------
[Security] fixed session creation on login (closes#7011)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7011
| License | MIT
| Doc PR | n/a
I fixed the test with UsernamePasswordToken (should start the session) and added a new test without token (should not start session).
This PR was merged into the 2.0 branch.
Commits
-------
a12744e Add dot character `.` to legal mime subtype regular expression
Discussion
----------
[HttpFoundation][2.0] Add dot character `.` to legal mime subtype regular expression
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
For example, the following mimetype (used for Microsoft powerpoints) is not recognized given the current regexp : `application/vnd.ms-powerpoint; charset=binary`
This PR was merged into the 2.0 branch.
Commits
-------
ddf4678 [HttpFoundation] fixed the creation of sub-requests under some circumstancies (closes#6923, closes#6936)
Discussion
----------
[HttpFoundation] fixed the creation of sub-requests under some circumstancies (closes#6923, closes#6936)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6923, #6936
| License | MIT
| Doc PR | n/a
This fixes the creation of a sub-request when the master request Request URI
is determined with specific server information.
This PR was merged into the 2.1 branch.
Commits
-------
8ca00c5 [Security] fixed session creation when none is needed (closes#6917)
Discussion
----------
[Security] fixed session creation when none is needed (closes#6917)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6917
| License | MIT
| Doc PR | n/a
---------------------------------------------------------------------------
by drak at 2013-02-04T16:24:49Z
That looks good. Maybe we need a test for this logic to prevent any regression in the future?
---------------------------------------------------------------------------
by bendavies at 2013-02-04T16:30:38Z
Yep, this was exactly what i tried locally, but really wasn't familiar enough with it to be confident enough to submit it as a fix.
Works for me!
---------------------------------------------------------------------------
by bendavies at 2013-02-04T17:19:32Z
A few test failures which were added by the breaking PR #2414 in the first place.
---------------------------------------------------------------------------
by fabpot at 2013-02-04T18:00:31Z
I've fixed the tests which now really test that the session is not started.
This PR was submitted for the 2.2 branch but it was merged into the 2.0 branch instead (closes#6959).
Commits
-------
ad889c9 [DependencyInjection] fixed a circular call (closes#6864)
Discussion
----------
[DependencyInjection] fixed a circular call (closes#6864)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6864
| License | MIT
| Doc PR | n/a
