From f7efd0b387b7bdbfe0fd1e38fe6b7d4a812b4e39 Mon Sep 17 00:00:00 2001 From: Roy-Orbison Date: Wed, 20 Nov 2019 15:04:29 +1030 Subject: [PATCH 01/28] Simpler example for Apache basic auth workaround Uses a simpler regex and existing back-reference instead of reading header twice. --- ServerBag.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ServerBag.php b/ServerBag.php index 4c82b1774..f3b640234 100644 --- a/ServerBag.php +++ b/ServerBag.php @@ -46,13 +46,13 @@ public function getHeaders() /* * php-cgi under Apache does not pass HTTP Basic user/pass to PHP by default * For this workaround to work, add these lines to your .htaccess file: - * RewriteCond %{HTTP:Authorization} ^(.+)$ - * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] + * RewriteCond %{HTTP:Authorization} .+ + * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0] * * A sample .htaccess file: * RewriteEngine On - * RewriteCond %{HTTP:Authorization} ^(.+)$ - * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] + * RewriteCond %{HTTP:Authorization} .+ + * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0] * RewriteCond %{REQUEST_FILENAME} !-f * RewriteRule ^(.*)$ app.php [QSA,L] */ From cc09809aa4182d5d062cde2c5836c5281f4e96eb Mon Sep 17 00:00:00 2001 From: Quentin Favrie Date: Mon, 25 Nov 2019 11:31:45 +0100 Subject: [PATCH 02/28] [HttpFoundation] Update CHANGELOG for PdoSessionHandler BC BREAK in 4.4 --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e33b33ccb..3fa73a26a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ CHANGELOG * passing arguments to `Request::isMethodSafe()` is deprecated. * `ApacheRequest` is deprecated, use the `Request` class instead. * passing a third argument to `HeaderBag::get()` is deprecated, use method `all()` instead + * [BC BREAK] `PdoSessionHandler` with MySQL changed the type of the lifetime column, + make sure to run `ALTER TABLE sessions MODIFY sess_lifetime INTEGER UNSIGNED NOT NULL` to + update your database. * `PdoSessionHandler` now precalculates the expiry timestamp in the lifetime column, make sure to run `CREATE INDEX EXPIRY ON sessions (sess_lifetime)` to update your database to speed up garbage collection of expired sessions. From d2d0cfe8e319d9df44c4cca570710fcf221d4593 Mon Sep 17 00:00:00 2001 From: Thomas Bisignani Date: Thu, 28 Nov 2019 13:52:59 +0100 Subject: [PATCH 03/28] [HttpFoundation] Fixed typo --- BinaryFileResponse.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BinaryFileResponse.php b/BinaryFileResponse.php index f43114111..ea7ac8469 100644 --- a/BinaryFileResponse.php +++ b/BinaryFileResponse.php @@ -348,7 +348,7 @@ public static function trustXSendfileTypeHeader() } /** - * If this is set to true, the file will be unlinked after the request is send + * If this is set to true, the file will be unlinked after the request is sent * Note: If the X-Sendfile header is used, the deleteFileAfterSend setting will not be used. * * @param bool $shouldDelete From 1f70ac41f1711f0ddc969736c71cc85d860a94b9 Mon Sep 17 00:00:00 2001 From: Rafael Tovar Date: Thu, 5 Dec 2019 08:36:17 +0100 Subject: [PATCH 04/28] [HttpFoundation] get currently session.gc_maxlifetime if ttl doesnt exists --- Session/Storage/Handler/RedisSessionHandler.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Session/Storage/Handler/RedisSessionHandler.php b/Session/Storage/Handler/RedisSessionHandler.php index d8c1f8cb9..e5be90d5f 100644 --- a/Session/Storage/Handler/RedisSessionHandler.php +++ b/Session/Storage/Handler/RedisSessionHandler.php @@ -63,7 +63,7 @@ public function __construct($redis, array $options = []) $this->redis = $redis; $this->prefix = $options['prefix'] ?? 'sf_s'; - $this->ttl = $options['ttl'] ?? (int) ini_get('session.gc_maxlifetime'); + $this->ttl = $options['ttl'] ?? null; } /** @@ -79,7 +79,7 @@ protected function doRead($sessionId): string */ protected function doWrite($sessionId, $data): bool { - $result = $this->redis->setEx($this->prefix.$sessionId, $this->ttl, $data); + $result = $this->redis->setEx($this->prefix.$sessionId, (int) ($this->ttl ?? ini_get('session.gc_maxlifetime')), $data); return $result && !$result instanceof ErrorInterface; } @@ -115,6 +115,6 @@ public function gc($maxlifetime): bool */ public function updateTimestamp($sessionId, $data) { - return (bool) $this->redis->expire($this->prefix.$sessionId, $this->ttl); + return (bool) $this->redis->expire($this->prefix.$sessionId, (int) ($this->ttl ?? ini_get('session.gc_maxlifetime'))); } } From 723b5ca3de95db0ae0e9148bd0db5afbbad973ef Mon Sep 17 00:00:00 2001 From: Matthias Pigulla Date: Mon, 18 Nov 2019 13:24:53 +0000 Subject: [PATCH 05/28] [HttpFoundation] Use `Cache-Control: must-revalidate` only if explicit lifetime has been given --- ResponseHeaderBag.php | 10 +++++----- Tests/ResponseHeaderBagTest.php | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ResponseHeaderBag.php b/ResponseHeaderBag.php index 1dc8dc2c5..e11b98a10 100644 --- a/ResponseHeaderBag.php +++ b/ResponseHeaderBag.php @@ -309,13 +309,13 @@ public function makeDisposition($disposition, $filename, $filenameFallback = '') */ protected function computeCacheControlValue() { - if (!$this->cacheControl && !$this->has('ETag') && !$this->has('Last-Modified') && !$this->has('Expires')) { - return 'no-cache, private'; - } - if (!$this->cacheControl) { + if ($this->has('Last-Modified') || $this->has('Expires')) { + return 'private, must-revalidate'; // allows for heuristic expiration (RFC 7234 Section 4.2.2) in the case of "Last-Modified" + } + // conservative by default - return 'private, must-revalidate'; + return 'no-cache, private'; } $header = $this->getCacheControlHeader(); diff --git a/Tests/ResponseHeaderBagTest.php b/Tests/ResponseHeaderBagTest.php index d85f6e112..4e3a6c82b 100644 --- a/Tests/ResponseHeaderBagTest.php +++ b/Tests/ResponseHeaderBagTest.php @@ -51,9 +51,9 @@ public function testCacheControlHeader() $this->assertTrue($bag->hasCacheControlDirective('public')); $bag = new ResponseHeaderBag(['ETag' => 'abcde']); - $this->assertEquals('private, must-revalidate', $bag->get('Cache-Control')); + $this->assertEquals('no-cache, private', $bag->get('Cache-Control')); $this->assertTrue($bag->hasCacheControlDirective('private')); - $this->assertTrue($bag->hasCacheControlDirective('must-revalidate')); + $this->assertTrue($bag->hasCacheControlDirective('no-cache')); $this->assertFalse($bag->hasCacheControlDirective('max-age')); $bag = new ResponseHeaderBag(['Expires' => 'Wed, 16 Feb 2011 14:17:43 GMT']); From da246f427905248a690142b56dfaf00b18b77e30 Mon Sep 17 00:00:00 2001 From: Yonel Ceruto Date: Tue, 10 Dec 2019 09:58:16 -0500 Subject: [PATCH 06/28] Removed request header "Content-Type" from the preferred format guessing mechanism --- Request.php | 13 +++++-------- Tests/RequestTest.php | 2 -- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/Request.php b/Request.php index bb5409123..6690b9b22 100644 --- a/Request.php +++ b/Request.php @@ -1586,20 +1586,17 @@ public function isNoCache() */ public function getPreferredFormat(?string $default = 'html'): ?string { - if (null !== $this->preferredFormat) { + if (null !== $this->preferredFormat || null !== $this->preferredFormat = $this->getRequestFormat(null)) { return $this->preferredFormat; } - $preferredFormat = null; - foreach ($this->getAcceptableContentTypes() as $contentType) { - if ($preferredFormat = $this->getFormat($contentType)) { - break; + foreach ($this->getAcceptableContentTypes() as $mimeType) { + if ($this->preferredFormat = $this->getFormat($mimeType)) { + return $this->preferredFormat; } } - $this->preferredFormat = $this->getRequestFormat($preferredFormat ?: $this->getContentType()); - - return $this->preferredFormat ?: $default; + return $default; } /** diff --git a/Tests/RequestTest.php b/Tests/RequestTest.php index 1d0164725..7c53ec2d5 100644 --- a/Tests/RequestTest.php +++ b/Tests/RequestTest.php @@ -408,12 +408,10 @@ public function testGetPreferredFormat() $request->setRequestFormat('atom'); $request->headers->set('Accept', 'application/ld+json'); - $request->headers->set('Content-Type', 'application/merge-patch+json'); $this->assertSame('atom', $request->getPreferredFormat()); $request = new Request(); $request->headers->set('Accept', 'application/xml'); - $request->headers->set('Content-Type', 'application/json'); $this->assertSame('xml', $request->getPreferredFormat()); $request = new Request(); From 5a5c3b31482ffc655a74de3e55d87ec81291f3b5 Mon Sep 17 00:00:00 2001 From: Jan Christoph Beyer Date: Fri, 13 Dec 2019 12:27:55 +0100 Subject: [PATCH 07/28] fix redis multi host dsn not recognized --- Session/Storage/Handler/SessionHandlerFactory.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Session/Storage/Handler/SessionHandlerFactory.php b/Session/Storage/Handler/SessionHandlerFactory.php index f4feeac09..1f017c8af 100644 --- a/Session/Storage/Handler/SessionHandlerFactory.php +++ b/Session/Storage/Handler/SessionHandlerFactory.php @@ -50,13 +50,13 @@ public static function createHandler($connection): AbstractSessionHandler case 0 === strpos($connection, 'file://'): return new StrictSessionHandler(new NativeFileSessionHandler(substr($connection, 7))); - case 0 === strpos($connection, 'redis://'): - case 0 === strpos($connection, 'rediss://'): - case 0 === strpos($connection, 'memcached://'): + case 0 === strpos($connection, 'redis:'): + case 0 === strpos($connection, 'rediss:'): + case 0 === strpos($connection, 'memcached:'): if (!class_exists(AbstractAdapter::class)) { throw new InvalidArgumentException(sprintf('Unsupported DSN "%s". Try running "composer require symfony/cache".', $connection)); } - $handlerClass = 0 === strpos($connection, 'memcached://') ? MemcachedSessionHandler::class : RedisSessionHandler::class; + $handlerClass = 0 === strpos($connection, 'memcached:') ? MemcachedSessionHandler::class : RedisSessionHandler::class; $connection = AbstractAdapter::createConnection($connection, ['lazy' => true]); return new $handlerClass($connection); From 7d2f82af89da0490e2ca88a7f309cc9d32c4494c Mon Sep 17 00:00:00 2001 From: Ben Davies Date: Wed, 18 Dec 2019 10:25:03 +0000 Subject: [PATCH 08/28] use utf8mb4_bin to align code with documentation --- Session/Storage/Handler/PdoSessionHandler.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Session/Storage/Handler/PdoSessionHandler.php b/Session/Storage/Handler/PdoSessionHandler.php index c9d47b6ed..653ca6917 100644 --- a/Session/Storage/Handler/PdoSessionHandler.php +++ b/Session/Storage/Handler/PdoSessionHandler.php @@ -218,7 +218,7 @@ public function createTable() // - trailing space removal // - case-insensitivity // - language processing like é == e - $sql = "CREATE TABLE $this->table ($this->idCol VARBINARY(128) NOT NULL PRIMARY KEY, $this->dataCol BLOB NOT NULL, $this->lifetimeCol INTEGER UNSIGNED NOT NULL, $this->timeCol INTEGER UNSIGNED NOT NULL) COLLATE utf8_bin, ENGINE = InnoDB"; + $sql = "CREATE TABLE $this->table ($this->idCol VARBINARY(128) NOT NULL PRIMARY KEY, $this->dataCol BLOB NOT NULL, $this->lifetimeCol INTEGER UNSIGNED NOT NULL, $this->timeCol INTEGER UNSIGNED NOT NULL) COLLATE utf8mb4_bin, ENGINE = InnoDB"; break; case 'sqlite': $sql = "CREATE TABLE $this->table ($this->idCol TEXT NOT NULL PRIMARY KEY, $this->dataCol BLOB NOT NULL, $this->lifetimeCol INTEGER NOT NULL, $this->timeCol INTEGER NOT NULL)"; From 760e8fb0b9d8c764ec10ccf7dd949b69bc59bd26 Mon Sep 17 00:00:00 2001 From: Saif Eddin G <29315886+azjezz@users.noreply.github.com> Date: Wed, 18 Dec 2019 16:15:58 +0100 Subject: [PATCH 09/28] [HttpFoundation] fix pdo session handler for sqlsrv --- Session/Storage/Handler/PdoSessionHandler.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Session/Storage/Handler/PdoSessionHandler.php b/Session/Storage/Handler/PdoSessionHandler.php index b212236df..034c02e5c 100644 --- a/Session/Storage/Handler/PdoSessionHandler.php +++ b/Session/Storage/Handler/PdoSessionHandler.php @@ -871,10 +871,10 @@ private function getMergeStatement(string $sessionId, string $data, int $maxlife $mergeStmt->bindParam(2, $sessionId, \PDO::PARAM_STR); $mergeStmt->bindParam(3, $data, \PDO::PARAM_LOB); $mergeStmt->bindValue(4, time() + $maxlifetime, \PDO::PARAM_INT); - $mergeStmt->bindValue(4, time(), \PDO::PARAM_INT); - $mergeStmt->bindParam(5, $data, \PDO::PARAM_LOB); - $mergeStmt->bindValue(6, time() + $maxlifetime, \PDO::PARAM_INT); - $mergeStmt->bindValue(6, time(), \PDO::PARAM_INT); + $mergeStmt->bindValue(5, time(), \PDO::PARAM_INT); + $mergeStmt->bindParam(6, $data, \PDO::PARAM_LOB); + $mergeStmt->bindValue(7, time() + $maxlifetime, \PDO::PARAM_INT); + $mergeStmt->bindValue(8, time(), \PDO::PARAM_INT); } else { $mergeStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR); $mergeStmt->bindParam(':data', $data, \PDO::PARAM_LOB); From 5b932eed42c1f5172bd4ba46eef0525fce190502 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Thu, 19 Dec 2019 10:47:05 +0100 Subject: [PATCH 10/28] Fix typo --- Session/Storage/NativeSessionStorage.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Session/Storage/NativeSessionStorage.php b/Session/Storage/NativeSessionStorage.php index 4c5873728..df7da3c72 100644 --- a/Session/Storage/NativeSessionStorage.php +++ b/Session/Storage/NativeSessionStorage.php @@ -375,13 +375,11 @@ public function setOptions(array $options) * ini_set('session.save_path', '/tmp'); * * or pass in a \SessionHandler instance which configures session.save_handler in the - * constructor, for a template see NativeFileSessionHandler or use handlers in - * composer package drak/native-session + * constructor, for a template see NativeFileSessionHandler. * * @see https://php.net/session-set-save-handler * @see https://php.net/sessionhandlerinterface * @see https://php.net/sessionhandler - * @see https://github.com/zikula/NativeSession * * @param \SessionHandlerInterface|null $saveHandler * From de7e6cd4b701a6d70c5dacf80d8f7cd49fdfdbbe Mon Sep 17 00:00:00 2001 From: Shaharia Azam Date: Sat, 21 Dec 2019 04:43:02 +0600 Subject: [PATCH 11/28] X-Accel Nginx URL updated Obsolete URL has been updated --- BinaryFileResponse.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BinaryFileResponse.php b/BinaryFileResponse.php index ea7ac8469..c2f66d695 100644 --- a/BinaryFileResponse.php +++ b/BinaryFileResponse.php @@ -217,7 +217,7 @@ public function prepare(Request $request) } if ('x-accel-redirect' === strtolower($type)) { // Do X-Accel-Mapping substitutions. - // @link http://wiki.nginx.org/X-accel#X-Accel-Redirect + // @link https://www.nginx.com/resources/wiki/start/topics/examples/x-accel/#x-accel-redirect foreach (explode(',', $request->headers->get('X-Accel-Mapping', '')) as $mapping) { $mapping = explode('=', $mapping, 2); From 45285abd8ddab3d30a22194c46ca48529cc90ee1 Mon Sep 17 00:00:00 2001 From: Jan Rosier Date: Wed, 1 Jan 2020 12:03:25 +0100 Subject: [PATCH 12/28] Update year in license files --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index a677f4376..9e936ec04 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2004-2019 Fabien Potencier +Copyright (c) 2004-2020 Fabien Potencier Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From f3abd07a56111ebe6a1ad6f1cbc23e4f8983f8f5 Mon Sep 17 00:00:00 2001 From: Shaharia Azam Date: Sat, 21 Dec 2019 04:13:14 +0600 Subject: [PATCH 13/28] Update links to documentation --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8907f0b96..ac98f9b80 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ specification. Resources --------- - * [Documentation](https://symfony.com/doc/current/components/http_foundation/index.html) + * [Documentation](https://symfony.com/doc/current/components/http_foundation.html) * [Contributing](https://symfony.com/doc/current/contributing/index.html) * [Report issues](https://github.com/symfony/symfony/issues) and [send Pull Requests](https://github.com/symfony/symfony/pulls) From 3bdf327219a57aaa1910a6edfd4ef70c30bb85fa Mon Sep 17 00:00:00 2001 From: Matthias Pigulla Date: Fri, 10 Jan 2020 23:18:38 +0000 Subject: [PATCH 14/28] =?UTF-8?q?[HttpKernel]=C2=A0Fix=20stale-if-error=20?= =?UTF-8?q?behavior,=20add=20tests?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Response.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Response.php b/Response.php index 26e3a3378..0f361bac3 100644 --- a/Response.php +++ b/Response.php @@ -649,7 +649,7 @@ public function isImmutable() } /** - * Returns true if the response must be revalidated by caches. + * Returns true if the response must be revalidated by shared caches once it has become stale. * * This method indicates that the response must not be served stale by a * cache in any circumstance without first revalidating with the origin. From 96c1a438acb4de840dac08f39018035a728a380c Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 4 Feb 2020 08:35:15 +0100 Subject: [PATCH 15/28] Add missing use statements --- Session/Storage/Handler/SessionHandlerFactory.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Session/Storage/Handler/SessionHandlerFactory.php b/Session/Storage/Handler/SessionHandlerFactory.php index 1f017c8af..b92bd0ffd 100644 --- a/Session/Storage/Handler/SessionHandlerFactory.php +++ b/Session/Storage/Handler/SessionHandlerFactory.php @@ -54,7 +54,7 @@ public static function createHandler($connection): AbstractSessionHandler case 0 === strpos($connection, 'rediss:'): case 0 === strpos($connection, 'memcached:'): if (!class_exists(AbstractAdapter::class)) { - throw new InvalidArgumentException(sprintf('Unsupported DSN "%s". Try running "composer require symfony/cache".', $connection)); + throw new \InvalidArgumentException(sprintf('Unsupported DSN "%s". Try running "composer require symfony/cache".', $connection)); } $handlerClass = 0 === strpos($connection, 'memcached:') ? MemcachedSessionHandler::class : RedisSessionHandler::class; $connection = AbstractAdapter::createConnection($connection, ['lazy' => true]); From 7a2ab8cb09df0c3a0ab5fbe61a089f4b51487814 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 4 Feb 2020 09:03:00 +0100 Subject: [PATCH 16/28] Fix CS --- RedirectResponse.php | 2 +- Session/Storage/Handler/AbstractSessionHandler.php | 2 +- Session/Storage/NativeSessionStorage.php | 8 ++++---- Session/Storage/Proxy/AbstractProxy.php | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/RedirectResponse.php b/RedirectResponse.php index a19efba3e..71ba9f825 100644 --- a/RedirectResponse.php +++ b/RedirectResponse.php @@ -42,7 +42,7 @@ public function __construct($url, $status = 302, $headers = []) throw new \InvalidArgumentException(sprintf('The HTTP status code is not a redirect ("%s" given).', $status)); } - if (301 == $status && !\array_key_exists('cache-control', array_change_key_case($headers, \CASE_LOWER))) { + if (301 == $status && !\array_key_exists('cache-control', array_change_key_case($headers, CASE_LOWER))) { $this->headers->remove('cache-control'); } } diff --git a/Session/Storage/Handler/AbstractSessionHandler.php b/Session/Storage/Handler/AbstractSessionHandler.php index eb09c0b54..84ba0ebba 100644 --- a/Session/Storage/Handler/AbstractSessionHandler.php +++ b/Session/Storage/Handler/AbstractSessionHandler.php @@ -133,7 +133,7 @@ public function destroy($sessionId) } if (!headers_sent() && filter_var(ini_get('session.use_cookies'), FILTER_VALIDATE_BOOLEAN)) { if (!$this->sessionName) { - throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', \get_class($this))); + throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', static::class)); } $sessionCookie = sprintf(' %s=', urlencode($this->sessionName)); $sessionCookieWithId = sprintf('%s%s;', $sessionCookie, urlencode($sessionId)); diff --git a/Session/Storage/NativeSessionStorage.php b/Session/Storage/NativeSessionStorage.php index df7da3c72..cbf7cadc7 100644 --- a/Session/Storage/NativeSessionStorage.php +++ b/Session/Storage/NativeSessionStorage.php @@ -137,7 +137,7 @@ public function start() return true; } - if (\PHP_SESSION_ACTIVE === session_status()) { + if (PHP_SESSION_ACTIVE === session_status()) { throw new \RuntimeException('Failed to start the session: already started by PHP.'); } @@ -193,7 +193,7 @@ public function setName($name) public function regenerate($destroy = false, $lifetime = null) { // Cannot regenerate the session ID for non-active sessions. - if (\PHP_SESSION_ACTIVE !== session_status()) { + if (PHP_SESSION_ACTIVE !== session_status()) { return false; } @@ -341,7 +341,7 @@ public function isStarted() */ public function setOptions(array $options) { - if (headers_sent() || \PHP_SESSION_ACTIVE === session_status()) { + if (headers_sent() || PHP_SESSION_ACTIVE === session_status()) { return; } @@ -401,7 +401,7 @@ public function setSaveHandler($saveHandler = null) } $this->saveHandler = $saveHandler; - if (headers_sent() || \PHP_SESSION_ACTIVE === session_status()) { + if (headers_sent() || PHP_SESSION_ACTIVE === session_status()) { return; } diff --git a/Session/Storage/Proxy/AbstractProxy.php b/Session/Storage/Proxy/AbstractProxy.php index 0303729e7..cd0635a16 100644 --- a/Session/Storage/Proxy/AbstractProxy.php +++ b/Session/Storage/Proxy/AbstractProxy.php @@ -65,7 +65,7 @@ public function isWrapper() */ public function isActive() { - return \PHP_SESSION_ACTIVE === session_status(); + return PHP_SESSION_ACTIVE === session_status(); } /** From 2292c5c4d47ee4c478464f45d9981b37f0abff14 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 4 Feb 2020 10:29:10 +0100 Subject: [PATCH 17/28] Fix CS --- Tests/Session/Storage/PhpBridgeSessionStorageTest.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tests/Session/Storage/PhpBridgeSessionStorageTest.php b/Tests/Session/Storage/PhpBridgeSessionStorageTest.php index 206ff4877..b4fad7688 100644 --- a/Tests/Session/Storage/PhpBridgeSessionStorageTest.php +++ b/Tests/Session/Storage/PhpBridgeSessionStorageTest.php @@ -61,12 +61,12 @@ public function testPhpSession() { $storage = $this->getStorage(); - $this->assertNotSame(\PHP_SESSION_ACTIVE, session_status()); + $this->assertNotSame(PHP_SESSION_ACTIVE, session_status()); $this->assertFalse($storage->isStarted()); session_start(); $this->assertTrue(isset($_SESSION)); - $this->assertSame(\PHP_SESSION_ACTIVE, session_status()); + $this->assertSame(PHP_SESSION_ACTIVE, session_status()); // PHP session might have started, but the storage driver has not, so false is correct here $this->assertFalse($storage->isStarted()); From 4d440be93adcfd5e4ee0bdc7acd1c3260625728f Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 4 Sep 2018 10:27:39 +0200 Subject: [PATCH 18/28] [HttpFoundation][FrameworkBundle] fix support for samesite in session cookies --- Session/SessionUtils.php | 59 +++++++++++++++++++ .../Handler/AbstractSessionHandler.php | 50 +++++++--------- Session/Storage/NativeSessionStorage.php | 42 +++++++++++-- .../Storage/Handler/Fixtures/storage.expected | 3 +- .../Fixtures/with_cookie_and_session.expected | 1 + .../Handler/Fixtures/with_samesite.expected | 16 +++++ .../Handler/Fixtures/with_samesite.php | 13 ++++ .../with_samesite_and_migration.expected | 23 ++++++++ .../Fixtures/with_samesite_and_migration.php | 15 +++++ .../Storage/NativeSessionStorageTest.php | 8 ++- 10 files changed, 192 insertions(+), 38 deletions(-) create mode 100644 Session/SessionUtils.php create mode 100644 Tests/Session/Storage/Handler/Fixtures/with_samesite.expected create mode 100644 Tests/Session/Storage/Handler/Fixtures/with_samesite.php create mode 100644 Tests/Session/Storage/Handler/Fixtures/with_samesite_and_migration.expected create mode 100644 Tests/Session/Storage/Handler/Fixtures/with_samesite_and_migration.php diff --git a/Session/SessionUtils.php b/Session/SessionUtils.php new file mode 100644 index 000000000..04a25f716 --- /dev/null +++ b/Session/SessionUtils.php @@ -0,0 +1,59 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\HttpFoundation\Session; + +/** + * Session utility functions. + * + * @author Nicolas Grekas + * @author Rémon van de Kamp + * + * @internal + */ +final class SessionUtils +{ + /** + * Find the session header amongst the headers that are to be sent, remove it, and return + * it so the caller can process it further. + */ + public static function popSessionCookie($sessionName, $sessionId) + { + $sessionCookie = null; + $sessionCookiePrefix = sprintf(' %s=', urlencode($sessionName)); + $sessionCookieWithId = sprintf('%s%s;', $sessionCookiePrefix, urlencode($sessionId)); + $otherCookies = []; + foreach (headers_list() as $h) { + if (0 !== stripos($h, 'Set-Cookie:')) { + continue; + } + if (11 === strpos($h, $sessionCookiePrefix, 11)) { + $sessionCookie = $h; + + if (11 !== strpos($h, $sessionCookieWithId, 11)) { + $otherCookies[] = $h; + } + } else { + $otherCookies[] = $h; + } + } + if (null === $sessionCookie) { + return null; + } + + header_remove('Set-Cookie'); + foreach ($otherCookies as $h) { + header($h, false); + } + + return $sessionCookie; + } +} diff --git a/Session/Storage/Handler/AbstractSessionHandler.php b/Session/Storage/Handler/AbstractSessionHandler.php index 84ba0ebba..ec59d895c 100644 --- a/Session/Storage/Handler/AbstractSessionHandler.php +++ b/Session/Storage/Handler/AbstractSessionHandler.php @@ -11,6 +11,8 @@ namespace Symfony\Component\HttpFoundation\Session\Storage\Handler; +use Symfony\Component\HttpFoundation\Session\SessionUtils; + /** * This abstract session handler provides a generic implementation * of the PHP 7.0 SessionUpdateTimestampHandlerInterface, @@ -27,7 +29,7 @@ abstract class AbstractSessionHandler implements \SessionHandlerInterface, \Sess private $igbinaryEmptyData; /** - * {@inheritdoc} + * @return bool */ public function open($savePath, $sessionName) { @@ -62,7 +64,7 @@ abstract protected function doWrite($sessionId, $data); abstract protected function doDestroy($sessionId); /** - * {@inheritdoc} + * @return bool */ public function validateId($sessionId) { @@ -73,7 +75,7 @@ public function validateId($sessionId) } /** - * {@inheritdoc} + * @return string */ public function read($sessionId) { @@ -99,7 +101,7 @@ public function read($sessionId) } /** - * {@inheritdoc} + * @return bool */ public function write($sessionId, $data) { @@ -124,7 +126,7 @@ public function write($sessionId, $data) } /** - * {@inheritdoc} + * @return bool */ public function destroy($sessionId) { @@ -135,31 +137,23 @@ public function destroy($sessionId) if (!$this->sessionName) { throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', static::class)); } - $sessionCookie = sprintf(' %s=', urlencode($this->sessionName)); - $sessionCookieWithId = sprintf('%s%s;', $sessionCookie, urlencode($sessionId)); - $sessionCookieFound = false; - $otherCookies = []; - foreach (headers_list() as $h) { - if (0 !== stripos($h, 'Set-Cookie:')) { - continue; - } - if (11 === strpos($h, $sessionCookie, 11)) { - $sessionCookieFound = true; - - if (11 !== strpos($h, $sessionCookieWithId, 11)) { - $otherCookies[] = $h; - } + $cookie = SessionUtils::popSessionCookie($this->sessionName, $sessionId); + + /* + * We send an invalidation Set-Cookie header (zero lifetime) + * when either the session was started or a cookie with + * the session name was sent by the client (in which case + * we know it's invalid as a valid session cookie would've + * started the session). + */ + if (null === $cookie || isset($_COOKIE[$this->sessionName])) { + if (\PHP_VERSION_ID < 70300) { + setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN), filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN)); } else { - $otherCookies[] = $h; - } - } - if ($sessionCookieFound) { - header_remove('Set-Cookie'); - foreach ($otherCookies as $h) { - header($h, false); + $params = session_get_cookie_params(); + unset($params['lifetime']); + setcookie($this->sessionName, '', $params); } - } else { - setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN), filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN)); } } diff --git a/Session/Storage/NativeSessionStorage.php b/Session/Storage/NativeSessionStorage.php index cbf7cadc7..7502897a4 100644 --- a/Session/Storage/NativeSessionStorage.php +++ b/Session/Storage/NativeSessionStorage.php @@ -12,6 +12,7 @@ namespace Symfony\Component\HttpFoundation\Session\Storage; use Symfony\Component\HttpFoundation\Session\SessionBagInterface; +use Symfony\Component\HttpFoundation\Session\SessionUtils; use Symfony\Component\HttpFoundation\Session\Storage\Handler\StrictSessionHandler; use Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy; use Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy; @@ -48,6 +49,11 @@ class NativeSessionStorage implements SessionStorageInterface */ protected $metadataBag; + /** + * @var string|null + */ + private $emulateSameSite; + /** * Depending on how you want the storage driver to behave you probably * want to override this constructor entirely. @@ -67,6 +73,7 @@ class NativeSessionStorage implements SessionStorageInterface * cookie_lifetime, "0" * cookie_path, "/" * cookie_secure, "" + * cookie_samesite, null * entropy_file, "" * entropy_length, "0" * gc_divisor, "100" @@ -94,9 +101,7 @@ class NativeSessionStorage implements SessionStorageInterface * trans_sid_hosts, $_SERVER['HTTP_HOST'] * trans_sid_tags, "a=href,area=href,frame=src,form=" * - * @param array $options Session configuration options - * @param \SessionHandlerInterface|null $handler - * @param MetadataBag $metaBag MetadataBag + * @param AbstractProxy|\SessionHandlerInterface|null $handler */ public function __construct(array $options = [], $handler = null, MetadataBag $metaBag = null) { @@ -150,6 +155,13 @@ public function start() throw new \RuntimeException('Failed to start the session'); } + if (null !== $this->emulateSameSite) { + $originalCookie = SessionUtils::popSessionCookie(session_name(), session_id()); + if (null !== $originalCookie) { + header(sprintf('%s; SameSite=%s', $originalCookie, $this->emulateSameSite), false); + } + } + $this->loadSession(); return true; @@ -215,6 +227,13 @@ public function regenerate($destroy = false, $lifetime = null) // @see https://bugs.php.net/70013 $this->loadSession(); + if (null !== $this->emulateSameSite) { + $originalCookie = SessionUtils::popSessionCookie(session_name(), session_id()); + if (null !== $originalCookie) { + header(sprintf('%s; SameSite=%s', $originalCookie, $this->emulateSameSite), false); + } + } + return $isRegenerated; } @@ -223,6 +242,7 @@ public function regenerate($destroy = false, $lifetime = null) */ public function save() { + // Store a copy so we can restore the bags in case the session was not left empty $session = $_SESSION; foreach ($this->bags as $bag) { @@ -248,7 +268,11 @@ public function save() session_write_close(); } finally { restore_error_handler(); - $_SESSION = $session; + + // Restore only if not empty + if ($_SESSION) { + $_SESSION = $session; + } } $this->closed = true; @@ -347,7 +371,7 @@ public function setOptions(array $options) $validOptions = array_flip([ 'cache_expire', 'cache_limiter', 'cookie_domain', 'cookie_httponly', - 'cookie_lifetime', 'cookie_path', 'cookie_secure', + 'cookie_lifetime', 'cookie_path', 'cookie_secure', 'cookie_samesite', 'entropy_file', 'entropy_length', 'gc_divisor', 'gc_maxlifetime', 'gc_probability', 'hash_bits_per_character', 'hash_function', 'lazy_write', 'name', 'referer_check', @@ -360,6 +384,12 @@ public function setOptions(array $options) foreach ($options as $key => $value) { if (isset($validOptions[$key])) { + if ('cookie_samesite' === $key && \PHP_VERSION_ID < 70300) { + // PHP < 7.3 does not support same_site cookies. We will emulate it in + // the start() method instead. + $this->emulateSameSite = $value; + continue; + } ini_set('url_rewriter.tags' !== $key ? 'session.'.$key : $key, $value); } } @@ -381,7 +411,7 @@ public function setOptions(array $options) * @see https://php.net/sessionhandlerinterface * @see https://php.net/sessionhandler * - * @param \SessionHandlerInterface|null $saveHandler + * @param AbstractProxy|\SessionHandlerInterface|null $saveHandler * * @throws \InvalidArgumentException */ diff --git a/Tests/Session/Storage/Handler/Fixtures/storage.expected b/Tests/Session/Storage/Handler/Fixtures/storage.expected index 4533a10a1..05a5d5d0b 100644 --- a/Tests/Session/Storage/Handler/Fixtures/storage.expected +++ b/Tests/Session/Storage/Handler/Fixtures/storage.expected @@ -11,10 +11,11 @@ $_SESSION is not empty write destroy close -$_SESSION is not empty +$_SESSION is empty Array ( [0] => Content-Type: text/plain; charset=utf-8 [1] => Cache-Control: max-age=0, private, must-revalidate + [2] => Set-Cookie: sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly ) shutdown diff --git a/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.expected b/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.expected index 5de2d9e39..63078228d 100644 --- a/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.expected +++ b/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.expected @@ -20,5 +20,6 @@ Array [0] => Content-Type: text/plain; charset=utf-8 [1] => Cache-Control: max-age=10800, private, must-revalidate [2] => Set-Cookie: abc=def + [3] => Set-Cookie: sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly ) shutdown diff --git a/Tests/Session/Storage/Handler/Fixtures/with_samesite.expected b/Tests/Session/Storage/Handler/Fixtures/with_samesite.expected new file mode 100644 index 000000000..d20fb88ec --- /dev/null +++ b/Tests/Session/Storage/Handler/Fixtures/with_samesite.expected @@ -0,0 +1,16 @@ +open +validateId +read +doRead: +read + +write +doWrite: foo|s:3:"bar"; +close +Array +( + [0] => Content-Type: text/plain; charset=utf-8 + [1] => Cache-Control: max-age=0, private, must-revalidate + [2] => Set-Cookie: sid=random_session_id; path=/; secure; HttpOnly; SameSite=lax +) +shutdown diff --git a/Tests/Session/Storage/Handler/Fixtures/with_samesite.php b/Tests/Session/Storage/Handler/Fixtures/with_samesite.php new file mode 100644 index 000000000..fc2c41828 --- /dev/null +++ b/Tests/Session/Storage/Handler/Fixtures/with_samesite.php @@ -0,0 +1,13 @@ + 'lax']); +$storage->setSaveHandler(new TestSessionHandler()); +$storage->start(); + +$_SESSION = ['foo' => 'bar']; + +ob_start(function ($buffer) { return str_replace(session_id(), 'random_session_id', $buffer); }); diff --git a/Tests/Session/Storage/Handler/Fixtures/with_samesite_and_migration.expected b/Tests/Session/Storage/Handler/Fixtures/with_samesite_and_migration.expected new file mode 100644 index 000000000..8b5fc08bd --- /dev/null +++ b/Tests/Session/Storage/Handler/Fixtures/with_samesite_and_migration.expected @@ -0,0 +1,23 @@ +open +validateId +read +doRead: +read +destroy +close +open +validateId +read +doRead: +read + +write +doWrite: foo|s:3:"bar"; +close +Array +( + [0] => Content-Type: text/plain; charset=utf-8 + [1] => Cache-Control: max-age=0, private, must-revalidate + [2] => Set-Cookie: sid=random_session_id; path=/; secure; HttpOnly; SameSite=lax +) +shutdown diff --git a/Tests/Session/Storage/Handler/Fixtures/with_samesite_and_migration.php b/Tests/Session/Storage/Handler/Fixtures/with_samesite_and_migration.php new file mode 100644 index 000000000..a28b6fedf --- /dev/null +++ b/Tests/Session/Storage/Handler/Fixtures/with_samesite_and_migration.php @@ -0,0 +1,15 @@ + 'lax']); +$storage->setSaveHandler(new TestSessionHandler()); +$storage->start(); + +$_SESSION = ['foo' => 'bar']; + +$storage->regenerate(true); + +ob_start(function ($buffer) { return preg_replace('~_sf2_meta.*$~m', '', str_replace(session_id(), 'random_session_id', $buffer)); }); diff --git a/Tests/Session/Storage/NativeSessionStorageTest.php b/Tests/Session/Storage/NativeSessionStorageTest.php index 9ce8108da..d2cf32452 100644 --- a/Tests/Session/Storage/NativeSessionStorageTest.php +++ b/Tests/Session/Storage/NativeSessionStorageTest.php @@ -36,7 +36,7 @@ class NativeSessionStorageTest extends TestCase protected function setUp() { $this->iniSet('session.save_handler', 'files'); - $this->iniSet('session.save_path', $this->savePath = sys_get_temp_dir().'/sf2test'); + $this->iniSet('session.save_path', $this->savePath = sys_get_temp_dir().'/sftest'); if (!is_dir($this->savePath)) { mkdir($this->savePath); } @@ -167,6 +167,10 @@ public function testCookieOptions() 'cookie_httponly' => false, ]; + if (\PHP_VERSION_ID >= 70300) { + $options['cookie_samesite'] = 'lax'; + } + $this->getStorage($options); $temp = session_get_cookie_params(); $gco = []; @@ -175,8 +179,6 @@ public function testCookieOptions() $gco['cookie_'.$key] = $value; } - unset($gco['cookie_samesite']); - $this->assertEquals($options, $gco); } From 7e41b4fcad4619535f45f8bfa7744c4f384e1648 Mon Sep 17 00:00:00 2001 From: Tobias Schultze Date: Thu, 13 Feb 2020 19:35:54 +0100 Subject: [PATCH 19/28] [HttpFoundation] fix not sending Content-Type header for 204 responses --- Response.php | 4 +++- Tests/ResponseTest.php | 12 ++---------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/Response.php b/Response.php index 05f740b6a..b267cd8ce 100644 --- a/Response.php +++ b/Response.php @@ -267,10 +267,12 @@ public function prepare(Request $request) $this->setContent(null); $headers->remove('Content-Type'); $headers->remove('Content-Length'); + // prevent PHP from sending the Content-Type header based on default_mimetype + ini_set('default_mimetype', ''); } else { // Content-type based on the Request if (!$headers->has('Content-Type')) { - $format = $request->getPreferredFormat(); + $format = $request->getPreferredFormat(null); if (null !== $format && $mimeType = $request->getMimeType($format)) { $headers->set('Content-Type', $mimeType); } diff --git a/Tests/ResponseTest.php b/Tests/ResponseTest.php index a2a5574f2..d5da59ad7 100644 --- a/Tests/ResponseTest.php +++ b/Tests/ResponseTest.php @@ -461,18 +461,10 @@ public function testSetVary() public function testDefaultContentType() { - $headerMock = $this->getMockBuilder('Symfony\Component\HttpFoundation\ResponseHeaderBag')->setMethods(['set'])->getMock(); - $headerMock->expects($this->at(0)) - ->method('set') - ->with('Content-Type', 'text/html'); - $headerMock->expects($this->at(1)) - ->method('set') - ->with('Content-Type', 'text/html; charset=UTF-8'); - $response = new Response('foo'); - $response->headers = $headerMock; - $response->prepare(new Request()); + + $this->assertSame('text/html; charset=UTF-8', $response->headers->get('Content-Type')); } public function testContentTypeCharset() From 1791cbfce69e9440f5e01b389ddca92b163561fa Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Sun, 15 Mar 2020 10:01:00 +0100 Subject: [PATCH 20/28] Add missing dots at the end of exception messages --- File/File.php | 6 +++--- File/MimeType/MimeTypeGuesser.php | 2 +- File/UploadedFile.php | 2 +- Session/Storage/Handler/MemcacheSessionHandler.php | 2 +- Session/Storage/Handler/MemcachedSessionHandler.php | 2 +- Session/Storage/Handler/MongoDbSessionHandler.php | 4 ++-- Session/Storage/Handler/NativeFileSessionHandler.php | 4 ++-- Session/Storage/Handler/PdoSessionHandler.php | 4 ++-- Session/Storage/MockArraySessionStorage.php | 2 +- Session/Storage/MockFileSessionStorage.php | 4 ++-- Session/Storage/NativeSessionStorage.php | 2 +- Session/Storage/Proxy/AbstractProxy.php | 4 ++-- 12 files changed, 19 insertions(+), 19 deletions(-) diff --git a/File/File.php b/File/File.php index 34220588a..309339e5c 100644 --- a/File/File.php +++ b/File/File.php @@ -97,7 +97,7 @@ public function move($directory, $name = null) $renamed = rename($this->getPathname(), $target); restore_error_handler(); if (!$renamed) { - throw new FileException(sprintf('Could not move the file "%s" to "%s" (%s)', $this->getPathname(), $target, strip_tags($error))); + throw new FileException(sprintf('Could not move the file "%s" to "%s" (%s).', $this->getPathname(), $target, strip_tags($error))); } @chmod($target, 0666 & ~umask()); @@ -109,10 +109,10 @@ protected function getTargetFile($directory, $name = null) { if (!is_dir($directory)) { if (false === @mkdir($directory, 0777, true) && !is_dir($directory)) { - throw new FileException(sprintf('Unable to create the "%s" directory', $directory)); + throw new FileException(sprintf('Unable to create the "%s" directory.', $directory)); } } elseif (!is_writable($directory)) { - throw new FileException(sprintf('Unable to write in the "%s" directory', $directory)); + throw new FileException(sprintf('Unable to write in the "%s" directory.', $directory)); } $target = rtrim($directory, '/\\').\DIRECTORY_SEPARATOR.(null === $name ? $this->getBasename() : $this->getName($name)); diff --git a/File/MimeType/MimeTypeGuesser.php b/File/MimeType/MimeTypeGuesser.php index e05269fc8..8d971ed67 100644 --- a/File/MimeType/MimeTypeGuesser.php +++ b/File/MimeType/MimeTypeGuesser.php @@ -127,7 +127,7 @@ public function guess($path) } if (2 === \count($this->guessers) && !FileBinaryMimeTypeGuesser::isSupported() && !FileinfoMimeTypeGuesser::isSupported()) { - throw new \LogicException('Unable to guess the mime type as no guessers are available (Did you enable the php_fileinfo extension?)'); + throw new \LogicException('Unable to guess the mime type as no guessers are available (Did you enable the php_fileinfo extension?).'); } return null; diff --git a/File/UploadedFile.php b/File/UploadedFile.php index 86153ed49..5b75dd84f 100644 --- a/File/UploadedFile.php +++ b/File/UploadedFile.php @@ -196,7 +196,7 @@ public function move($directory, $name = null) $moved = move_uploaded_file($this->getPathname(), $target); restore_error_handler(); if (!$moved) { - throw new FileException(sprintf('Could not move the file "%s" to "%s" (%s)', $this->getPathname(), $target, strip_tags($error))); + throw new FileException(sprintf('Could not move the file "%s" to "%s" (%s).', $this->getPathname(), $target, strip_tags($error))); } @chmod($target, 0666 & ~umask()); diff --git a/Session/Storage/Handler/MemcacheSessionHandler.php b/Session/Storage/Handler/MemcacheSessionHandler.php index 3abc33caa..d4b68ae8b 100644 --- a/Session/Storage/Handler/MemcacheSessionHandler.php +++ b/Session/Storage/Handler/MemcacheSessionHandler.php @@ -47,7 +47,7 @@ class MemcacheSessionHandler implements \SessionHandlerInterface public function __construct(\Memcache $memcache, array $options = []) { if ($diff = array_diff(array_keys($options), ['prefix', 'expiretime'])) { - throw new \InvalidArgumentException(sprintf('The following options are not supported "%s"', implode(', ', $diff))); + throw new \InvalidArgumentException(sprintf('The following options are not supported "%s".', implode(', ', $diff))); } $this->memcache = $memcache; diff --git a/Session/Storage/Handler/MemcachedSessionHandler.php b/Session/Storage/Handler/MemcachedSessionHandler.php index a399be5fd..6711e0a55 100644 --- a/Session/Storage/Handler/MemcachedSessionHandler.php +++ b/Session/Storage/Handler/MemcachedSessionHandler.php @@ -47,7 +47,7 @@ public function __construct(\Memcached $memcached, array $options = []) $this->memcached = $memcached; if ($diff = array_diff(array_keys($options), ['prefix', 'expiretime'])) { - throw new \InvalidArgumentException(sprintf('The following options are not supported "%s"', implode(', ', $diff))); + throw new \InvalidArgumentException(sprintf('The following options are not supported "%s".', implode(', ', $diff))); } $this->ttl = isset($options['expiretime']) ? (int) $options['expiretime'] : 86400; diff --git a/Session/Storage/Handler/MongoDbSessionHandler.php b/Session/Storage/Handler/MongoDbSessionHandler.php index 1dd724066..d84f2e9d0 100644 --- a/Session/Storage/Handler/MongoDbSessionHandler.php +++ b/Session/Storage/Handler/MongoDbSessionHandler.php @@ -74,11 +74,11 @@ public function __construct($mongo, array $options) } if (!($mongo instanceof \MongoDB\Client || $mongo instanceof \MongoClient || $mongo instanceof \Mongo)) { - throw new \InvalidArgumentException('MongoClient or Mongo instance required'); + throw new \InvalidArgumentException('MongoClient or Mongo instance required.'); } if (!isset($options['database']) || !isset($options['collection'])) { - throw new \InvalidArgumentException('You must provide the "database" and "collection" option for MongoDBSessionHandler'); + throw new \InvalidArgumentException('You must provide the "database" and "collection" option for MongoDBSessionHandler.'); } $this->mongo = $mongo; diff --git a/Session/Storage/Handler/NativeFileSessionHandler.php b/Session/Storage/Handler/NativeFileSessionHandler.php index 8b7615ec1..f24271fbf 100644 --- a/Session/Storage/Handler/NativeFileSessionHandler.php +++ b/Session/Storage/Handler/NativeFileSessionHandler.php @@ -38,7 +38,7 @@ public function __construct($savePath = null) if ($count = substr_count($savePath, ';')) { if ($count > 2) { - throw new \InvalidArgumentException(sprintf('Invalid argument $savePath \'%s\'', $savePath)); + throw new \InvalidArgumentException(sprintf('Invalid argument $savePath \'%s\'.', $savePath)); } // characters after last ';' are the path @@ -46,7 +46,7 @@ public function __construct($savePath = null) } if ($baseDir && !is_dir($baseDir) && !@mkdir($baseDir, 0777, true) && !is_dir($baseDir)) { - throw new \RuntimeException(sprintf('Session Storage was not able to create directory "%s"', $baseDir)); + throw new \RuntimeException(sprintf('Session Storage was not able to create directory "%s".', $baseDir)); } ini_set('session.save_path', $savePath); diff --git a/Session/Storage/Handler/PdoSessionHandler.php b/Session/Storage/Handler/PdoSessionHandler.php index 653ca6917..d1cf622bd 100644 --- a/Session/Storage/Handler/PdoSessionHandler.php +++ b/Session/Storage/Handler/PdoSessionHandler.php @@ -173,7 +173,7 @@ public function __construct($pdoOrDsn = null, array $options = []) { if ($pdoOrDsn instanceof \PDO) { if (\PDO::ERRMODE_EXCEPTION !== $pdoOrDsn->getAttribute(\PDO::ATTR_ERRMODE)) { - throw new \InvalidArgumentException(sprintf('"%s" requires PDO error mode attribute be set to throw Exceptions (i.e. $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION))', __CLASS__)); + throw new \InvalidArgumentException(sprintf('"%s" requires PDO error mode attribute be set to throw Exceptions (i.e. $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION)).', __CLASS__)); } $this->pdo = $pdoOrDsn; @@ -465,7 +465,7 @@ private function buildDsnFromUrl($dsnOrUrl) } if (!isset($params['scheme'])) { - throw new \InvalidArgumentException('URLs without scheme are not supported to configure the PdoSessionHandler'); + throw new \InvalidArgumentException('URLs without scheme are not supported to configure the PdoSessionHandler.'); } $driverAliasMap = [ diff --git a/Session/Storage/MockArraySessionStorage.php b/Session/Storage/MockArraySessionStorage.php index c1e7523c5..969f272fb 100644 --- a/Session/Storage/MockArraySessionStorage.php +++ b/Session/Storage/MockArraySessionStorage.php @@ -152,7 +152,7 @@ public function setName($name) public function save() { if (!$this->started || $this->closed) { - throw new \RuntimeException('Trying to save a session that was not started yet or was already closed'); + throw new \RuntimeException('Trying to save a session that was not started yet or was already closed.'); } // nothing to do since we don't persist the session data $this->closed = false; diff --git a/Session/Storage/MockFileSessionStorage.php b/Session/Storage/MockFileSessionStorage.php index 9bbd1baf2..c5b1d1a36 100644 --- a/Session/Storage/MockFileSessionStorage.php +++ b/Session/Storage/MockFileSessionStorage.php @@ -38,7 +38,7 @@ public function __construct($savePath = null, $name = 'MOCKSESSID', MetadataBag } if (!is_dir($savePath) && !@mkdir($savePath, 0777, true) && !is_dir($savePath)) { - throw new \RuntimeException(sprintf('Session Storage was not able to create directory "%s"', $savePath)); + throw new \RuntimeException(sprintf('Session Storage was not able to create directory "%s".', $savePath)); } $this->savePath = $savePath; @@ -88,7 +88,7 @@ public function regenerate($destroy = false, $lifetime = null) public function save() { if (!$this->started) { - throw new \RuntimeException('Trying to save a session that was not started yet or was already closed'); + throw new \RuntimeException('Trying to save a session that was not started yet or was already closed.'); } $data = $this->data; diff --git a/Session/Storage/NativeSessionStorage.php b/Session/Storage/NativeSessionStorage.php index 7502897a4..33a146553 100644 --- a/Session/Storage/NativeSessionStorage.php +++ b/Session/Storage/NativeSessionStorage.php @@ -152,7 +152,7 @@ public function start() // ok to try and start the session if (!session_start()) { - throw new \RuntimeException('Failed to start the session'); + throw new \RuntimeException('Failed to start the session.'); } if (null !== $this->emulateSameSite) { diff --git a/Session/Storage/Proxy/AbstractProxy.php b/Session/Storage/Proxy/AbstractProxy.php index cd0635a16..b9c2682b3 100644 --- a/Session/Storage/Proxy/AbstractProxy.php +++ b/Session/Storage/Proxy/AbstractProxy.php @@ -88,7 +88,7 @@ public function getId() public function setId($id) { if ($this->isActive()) { - throw new \LogicException('Cannot change the ID of an active session'); + throw new \LogicException('Cannot change the ID of an active session.'); } session_id($id); @@ -114,7 +114,7 @@ public function getName() public function setName($name) { if ($this->isActive()) { - throw new \LogicException('Cannot change the name of an active session'); + throw new \LogicException('Cannot change the name of an active session.'); } session_name($name); From 01887e8604ffa17e5078c7815279282796711689 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Sun, 15 Mar 2020 11:08:38 +0100 Subject: [PATCH 21/28] Add missing dots at the end of exception messages --- Request.php | 2 +- Session/Storage/Handler/RedisSessionHandler.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Request.php b/Request.php index 6690b9b22..bff1c0cbf 100644 --- a/Request.php +++ b/Request.php @@ -725,7 +725,7 @@ public function getSession() if (null === $session) { @trigger_error(sprintf('Calling "%s()" when no session has been set is deprecated since Symfony 4.1 and will throw an exception in 5.0. Use "hasSession()" instead.', __METHOD__), E_USER_DEPRECATED); - // throw new \BadMethodCallException('Session has not been set'); + // throw new \BadMethodCallException('Session has not been set.'); } return $session; diff --git a/Session/Storage/Handler/RedisSessionHandler.php b/Session/Storage/Handler/RedisSessionHandler.php index e5be90d5f..1b83de09b 100644 --- a/Session/Storage/Handler/RedisSessionHandler.php +++ b/Session/Storage/Handler/RedisSessionHandler.php @@ -54,11 +54,11 @@ public function __construct($redis, array $options = []) !$redis instanceof RedisProxy && !$redis instanceof RedisClusterProxy ) { - throw new \InvalidArgumentException(sprintf('%s() expects parameter 1 to be Redis, RedisArray, RedisCluster or Predis\ClientInterface, %s given', __METHOD__, \is_object($redis) ? \get_class($redis) : \gettype($redis))); + throw new \InvalidArgumentException(sprintf('%s() expects parameter 1 to be Redis, RedisArray, RedisCluster or Predis\ClientInterface, %s given.', __METHOD__, \is_object($redis) ? \get_class($redis) : \gettype($redis))); } if ($diff = array_diff(array_keys($options), ['prefix', 'ttl'])) { - throw new \InvalidArgumentException(sprintf('The following options are not supported "%s"', implode(', ', $diff))); + throw new \InvalidArgumentException(sprintf('The following options are not supported "%s".', implode(', ', $diff))); } $this->redis = $redis; From 13f9b084cddc2dd0a77836c703594ad970f09291 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 16 Mar 2020 08:32:23 +0100 Subject: [PATCH 22/28] Fix quotes in exception messages --- HeaderBag.php | 2 +- Session/Storage/MockArraySessionStorage.php | 2 +- Session/Storage/NativeSessionStorage.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/HeaderBag.php b/HeaderBag.php index 35bd6ad8f..0b19faec5 100644 --- a/HeaderBag.php +++ b/HeaderBag.php @@ -225,7 +225,7 @@ public function getDate($key, \DateTime $default = null) } if (false === $date = \DateTime::createFromFormat(DATE_RFC2822, $value)) { - throw new \RuntimeException(sprintf('The %s HTTP header is not parseable (%s).', $key, $value)); + throw new \RuntimeException(sprintf('The "%s" HTTP header is not parseable (%s).', $key, $value)); } return $date; diff --git a/Session/Storage/MockArraySessionStorage.php b/Session/Storage/MockArraySessionStorage.php index 969f272fb..5474d92e3 100644 --- a/Session/Storage/MockArraySessionStorage.php +++ b/Session/Storage/MockArraySessionStorage.php @@ -190,7 +190,7 @@ public function registerBag(SessionBagInterface $bag) public function getBag($name) { if (!isset($this->bags[$name])) { - throw new \InvalidArgumentException(sprintf('The SessionBagInterface %s is not registered.', $name)); + throw new \InvalidArgumentException(sprintf('The SessionBagInterface "%s" is not registered.', $name)); } if (!$this->started) { diff --git a/Session/Storage/NativeSessionStorage.php b/Session/Storage/NativeSessionStorage.php index 33a146553..5165b5d0d 100644 --- a/Session/Storage/NativeSessionStorage.php +++ b/Session/Storage/NativeSessionStorage.php @@ -314,7 +314,7 @@ public function registerBag(SessionBagInterface $bag) public function getBag($name) { if (!isset($this->bags[$name])) { - throw new \InvalidArgumentException(sprintf('The SessionBagInterface %s is not registered.', $name)); + throw new \InvalidArgumentException(sprintf('The SessionBagInterface "%s" is not registered.', $name)); } if (!$this->started && $this->saveHandler->isActive()) { From f4dc52b1eb2b19ebf7c697d0017027aef6996c9c Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 16 Mar 2020 11:25:47 +0100 Subject: [PATCH 23/28] Fix quotes in exception messages --- Session/Storage/Handler/RedisSessionHandler.php | 2 +- Session/Storage/Handler/SessionHandlerFactory.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Session/Storage/Handler/RedisSessionHandler.php b/Session/Storage/Handler/RedisSessionHandler.php index 1b83de09b..8fc19c6bc 100644 --- a/Session/Storage/Handler/RedisSessionHandler.php +++ b/Session/Storage/Handler/RedisSessionHandler.php @@ -54,7 +54,7 @@ public function __construct($redis, array $options = []) !$redis instanceof RedisProxy && !$redis instanceof RedisClusterProxy ) { - throw new \InvalidArgumentException(sprintf('%s() expects parameter 1 to be Redis, RedisArray, RedisCluster or Predis\ClientInterface, %s given.', __METHOD__, \is_object($redis) ? \get_class($redis) : \gettype($redis))); + throw new \InvalidArgumentException(sprintf('%s() expects parameter 1 to be Redis, RedisArray, RedisCluster or Predis\ClientInterface, "%s" given.', __METHOD__, \is_object($redis) ? \get_class($redis) : \gettype($redis))); } if ($diff = array_diff(array_keys($options), ['prefix', 'ttl'])) { diff --git a/Session/Storage/Handler/SessionHandlerFactory.php b/Session/Storage/Handler/SessionHandlerFactory.php index b92bd0ffd..a5ebd29eb 100644 --- a/Session/Storage/Handler/SessionHandlerFactory.php +++ b/Session/Storage/Handler/SessionHandlerFactory.php @@ -27,7 +27,7 @@ class SessionHandlerFactory public static function createHandler($connection): AbstractSessionHandler { if (!\is_string($connection) && !\is_object($connection)) { - throw new \TypeError(sprintf('Argument 1 passed to %s() must be a string or a connection object, %s given.', __METHOD__, \gettype($connection))); + throw new \TypeError(sprintf('Argument 1 passed to "%s()" must be a string or a connection object, "%s" given.', __METHOD__, \gettype($connection))); } switch (true) { @@ -46,7 +46,7 @@ public static function createHandler($connection): AbstractSessionHandler return new PdoSessionHandler($connection); case !\is_string($connection): - throw new \InvalidArgumentException(sprintf('Unsupported Connection: %s.', \get_class($connection))); + throw new \InvalidArgumentException(sprintf('Unsupported Connection: "%s".', \get_class($connection))); case 0 === strpos($connection, 'file://'): return new StrictSessionHandler(new NativeFileSessionHandler(substr($connection, 7))); @@ -80,6 +80,6 @@ public static function createHandler($connection): AbstractSessionHandler return new PdoSessionHandler($connection); } - throw new \InvalidArgumentException(sprintf('Unsupported Connection: %s.', $connection)); + throw new \InvalidArgumentException(sprintf('Unsupported Connection: "%s".', $connection)); } } From ff006c7736a22ffac6c9e76db451db026e414325 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 16 Mar 2020 17:13:17 +0100 Subject: [PATCH 24/28] Fix more quotes in exception messages --- Session/Storage/Handler/RedisSessionHandler.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Session/Storage/Handler/RedisSessionHandler.php b/Session/Storage/Handler/RedisSessionHandler.php index 8fc19c6bc..699d6da6f 100644 --- a/Session/Storage/Handler/RedisSessionHandler.php +++ b/Session/Storage/Handler/RedisSessionHandler.php @@ -54,7 +54,7 @@ public function __construct($redis, array $options = []) !$redis instanceof RedisProxy && !$redis instanceof RedisClusterProxy ) { - throw new \InvalidArgumentException(sprintf('%s() expects parameter 1 to be Redis, RedisArray, RedisCluster or Predis\ClientInterface, "%s" given.', __METHOD__, \is_object($redis) ? \get_class($redis) : \gettype($redis))); + throw new \InvalidArgumentException(sprintf('"%s()" expects parameter 1 to be Redis, RedisArray, RedisCluster or Predis\ClientInterface, "%s" given.', __METHOD__, \is_object($redis) ? \get_class($redis) : \gettype($redis))); } if ($diff = array_diff(array_keys($options), ['prefix', 'ttl'])) { From 109ac257dfc057f3301034947e22c823f3f6d6e8 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Tue, 24 Sep 2019 13:01:54 +0200 Subject: [PATCH 25/28] [DI] fix preloading script generation --- AcceptHeader.php | 3 +++ Request.php | 8 ++++++++ Response.php | 3 +++ Session/Session.php | 5 +++++ Session/Storage/NativeSessionStorage.php | 5 +++++ 5 files changed, 24 insertions(+) diff --git a/AcceptHeader.php b/AcceptHeader.php index bbbd62a6d..c3c8d0c35 100644 --- a/AcceptHeader.php +++ b/AcceptHeader.php @@ -11,6 +11,9 @@ namespace Symfony\Component\HttpFoundation; +// Help opcache.preload discover always-needed symbols +class_exists(AcceptHeaderItem::class); + /** * Represents an Accept-* header. * diff --git a/Request.php b/Request.php index bff1c0cbf..a5e50eb79 100644 --- a/Request.php +++ b/Request.php @@ -15,6 +15,14 @@ use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException; use Symfony\Component\HttpFoundation\Session\SessionInterface; +// Help opcache.preload discover always-needed symbols +class_exists(AcceptHeader::class); +class_exists(FileBag::class); +class_exists(HeaderBag::class); +class_exists(HeaderUtils::class); +class_exists(ParameterBag::class); +class_exists(ServerBag::class); + /** * Request represents an HTTP request. * diff --git a/Response.php b/Response.php index b267cd8ce..714109d53 100644 --- a/Response.php +++ b/Response.php @@ -11,6 +11,9 @@ namespace Symfony\Component\HttpFoundation; +// Help opcache.preload discover always-needed symbols +class_exists(ResponseHeaderBag::class); + /** * Response represents an HTTP response. * diff --git a/Session/Session.php b/Session/Session.php index 2192c629e..b6973aaab 100644 --- a/Session/Session.php +++ b/Session/Session.php @@ -18,6 +18,11 @@ use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage; use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface; +// Help opcache.preload discover always-needed symbols +class_exists(AttributeBag::class); +class_exists(FlashBag::class); +class_exists(SessionBagProxy::class); + /** * @author Fabien Potencier * @author Drak diff --git a/Session/Storage/NativeSessionStorage.php b/Session/Storage/NativeSessionStorage.php index 93a5d54e4..54933d953 100644 --- a/Session/Storage/NativeSessionStorage.php +++ b/Session/Storage/NativeSessionStorage.php @@ -17,6 +17,11 @@ use Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy; use Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy; +// Help opcache.preload discover always-needed symbols +class_exists(MetadataBag::class); +class_exists(StrictSessionHandler::class); +class_exists(SessionHandlerProxy::class); + /** * This provides a base class for session attribute storage. * From a8833c56f6a4abcf17a319d830d71fdb0ba93675 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guillaume=20P=C3=A9delagrabe?= Date: Mon, 23 Mar 2020 11:02:50 +0100 Subject: [PATCH 26/28] [Http Foundation] Fix clear cookie samesite --- ResponseHeaderBag.php | 7 +++++-- Tests/ResponseHeaderBagTest.php | 8 ++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/ResponseHeaderBag.php b/ResponseHeaderBag.php index e11b98a10..9a6f87648 100644 --- a/ResponseHeaderBag.php +++ b/ResponseHeaderBag.php @@ -244,10 +244,13 @@ public function getCookies($format = self::COOKIES_FLAT) * @param string $domain * @param bool $secure * @param bool $httpOnly + * @param string $sameSite */ - public function clearCookie($name, $path = '/', $domain = null, $secure = false, $httpOnly = true) + public function clearCookie($name, $path = '/', $domain = null, $secure = false, $httpOnly = true/*, $sameSite = null*/) { - $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly)); + $sameSite = \func_num_args() > 5 ? func_get_arg(5) : null; + + $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, $sameSite)); } /** diff --git a/Tests/ResponseHeaderBagTest.php b/Tests/ResponseHeaderBagTest.php index 4e3a6c82b..632c96df5 100644 --- a/Tests/ResponseHeaderBagTest.php +++ b/Tests/ResponseHeaderBagTest.php @@ -128,6 +128,14 @@ public function testClearCookieSecureNotHttpOnly() $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure', $bag); } + public function testClearCookieSamesite() + { + $bag = new ResponseHeaderBag([]); + + $bag->clearCookie('foo', '/', null, true, false, 'none'); + $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure; samesite=none', $bag); + } + public function testReplace() { $bag = new ResponseHeaderBag([]); From 67d01969b7cd2c62b3399bfce0a601d5225071dc Mon Sep 17 00:00:00 2001 From: Tobias Schultze Date: Wed, 25 Mar 2020 22:25:16 +0100 Subject: [PATCH 27/28] add missing gitattributes for phpunit-bridge --- .gitattributes | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitattributes b/.gitattributes index ebb928704..84c7add05 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,3 +1,4 @@ /Tests export-ignore /phpunit.xml.dist export-ignore +/.gitattributes export-ignore /.gitignore export-ignore From 62f92509c9abfd1f73e17b8cf1b72c0bdac6611b Mon Sep 17 00:00:00 2001 From: Yonel Ceruto Date: Tue, 11 Feb 2020 09:34:35 -0500 Subject: [PATCH 28/28] [HttpFoundation] Do not set the default Content-Type based on the Accept header --- Request.php | 4 +++- Response.php | 2 +- Tests/ResponseTest.php | 15 ++++++++++++++- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/Request.php b/Request.php index a5e50eb79..33f4efb5e 100644 --- a/Request.php +++ b/Request.php @@ -1590,7 +1590,9 @@ public function isNoCache() * Gets the preferred format for the response by inspecting, in the following order: * * the request format set using setRequestFormat * * the values of the Accept HTTP header - * * the content type of the body of the request. + * + * Note that if you use this method, you should send the "Vary: Accept" header + * in the response to prevent any issues with intermediary HTTP caches. */ public function getPreferredFormat(?string $default = 'html'): ?string { diff --git a/Response.php b/Response.php index 714109d53..b9177934a 100644 --- a/Response.php +++ b/Response.php @@ -275,7 +275,7 @@ public function prepare(Request $request) } else { // Content-type based on the Request if (!$headers->has('Content-Type')) { - $format = $request->getPreferredFormat(null); + $format = $request->getRequestFormat(null); if (null !== $format && $mimeType = $request->getMimeType($format)) { $headers->set('Content-Type', $mimeType); } diff --git a/Tests/ResponseTest.php b/Tests/ResponseTest.php index d5da59ad7..c766f88a2 100644 --- a/Tests/ResponseTest.php +++ b/Tests/ResponseTest.php @@ -497,12 +497,25 @@ public function testPrepareDoesNothingIfRequestFormatIsNotDefined() $this->assertEquals('text/html; charset=UTF-8', $response->headers->get('content-type')); } + /** + * Same URL cannot produce different Content-Type based on the value of the Accept header, + * unless explicitly stated in the response object. + */ + public function testPrepareDoesNotSetContentTypeBasedOnRequestAcceptHeader() + { + $response = new Response('foo'); + $request = Request::create('/'); + $request->headers->set('Accept', 'application/json'); + $response->prepare($request); + + $this->assertSame('text/html; charset=UTF-8', $response->headers->get('content-type')); + } + public function testPrepareSetContentType() { $response = new Response('foo'); $request = Request::create('/'); $request->setRequestFormat('json'); - $request->headers->remove('accept'); $response->prepare($request);