Chris@0: CHANGELOG Chris@0: ========= Chris@0: Chris@17: 3.4.14 Chris@17: ------ Chris@17: Chris@17: * [BC BREAK] Support for the IIS-only `X_ORIGINAL_URL` and `X_REWRITE_URL` Chris@17: HTTP headers has been dropped for security reasons. Chris@17: Chris@14: 3.4.0 Chris@14: ----- Chris@14: Chris@14: * implemented PHP 7.0's `SessionUpdateTimestampHandlerInterface` with a new Chris@14: `AbstractSessionHandler` base class and a new `StrictSessionHandler` wrapper Chris@14: * deprecated the `WriteCheckSessionHandler`, `NativeSessionHandler` and `NativeProxy` classes Chris@14: * deprecated setting session save handlers that do not implement `\SessionHandlerInterface` in `NativeSessionStorage::setSaveHandler()` Chris@14: * deprecated using `MongoDbSessionHandler` with the legacy mongo extension; use it with the mongodb/mongodb package and ext-mongodb instead Chris@14: * deprecated `MemcacheSessionHandler`; use `MemcachedSessionHandler` instead Chris@14: Chris@14: 3.3.0 Chris@14: ----- Chris@14: Chris@14: * the `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument, Chris@14: see http://symfony.com/doc/current/components/http_foundation/trusting_proxies.html for more info, Chris@14: * deprecated the `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods, Chris@14: * added `File\Stream`, to be passed to `BinaryFileResponse` when the size of the served file is unknown, Chris@14: disabling `Range` and `Content-Length` handling, switching to chunked encoding instead Chris@14: * added the `Cookie::fromString()` method that allows to create a cookie from a Chris@14: raw header string Chris@14: Chris@0: 3.1.0 Chris@0: ----- Chris@0: Chris@0: * Added support for creating `JsonResponse` with a string of JSON data Chris@0: Chris@0: 3.0.0 Chris@0: ----- Chris@0: Chris@0: * The precedence of parameters returned from `Request::get()` changed from "GET, PATH, BODY" to "PATH, GET, BODY" Chris@0: Chris@0: 2.8.0 Chris@0: ----- Chris@0: Chris@0: * Finding deep items in `ParameterBag::get()` is deprecated since version 2.8 and Chris@0: will be removed in 3.0. Chris@0: Chris@0: 2.6.0 Chris@0: ----- Chris@0: Chris@0: * PdoSessionHandler changes Chris@0: - implemented different session locking strategies to prevent loss of data by concurrent access to the same session Chris@0: - [BC BREAK] save session data in a binary column without base64_encode Chris@0: - [BC BREAK] added lifetime column to the session table which allows to have different lifetimes for each session Chris@0: - implemented lazy connections that are only opened when a session is used by either passing a dsn string Chris@0: explicitly or falling back to session.save_path ini setting Chris@0: - added a createTable method that initializes a correctly defined table depending on the database vendor Chris@0: Chris@0: 2.5.0 Chris@0: ----- Chris@0: Chris@0: * added `JsonResponse::setEncodingOptions()` & `JsonResponse::getEncodingOptions()` for easier manipulation Chris@0: of the options used while encoding data to JSON format. Chris@0: Chris@0: 2.4.0 Chris@0: ----- Chris@0: Chris@0: * added RequestStack Chris@0: * added Request::getEncodings() Chris@0: * added accessors methods to session handlers Chris@0: Chris@0: 2.3.0 Chris@0: ----- Chris@0: Chris@0: * added support for ranges of IPs in trusted proxies Chris@0: * `UploadedFile::isValid` now returns false if the file was not uploaded via HTTP (in a non-test mode) Chris@0: * Improved error-handling of `\Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler` Chris@0: to ensure the supplied PDO handler throws Exceptions on error (as the class expects). Added related test cases Chris@0: to verify that Exceptions are properly thrown when the PDO queries fail. Chris@0: Chris@0: 2.2.0 Chris@0: ----- Chris@0: Chris@0: * fixed the Request::create() precedence (URI information always take precedence now) Chris@0: * added Request::getTrustedProxies() Chris@0: * deprecated Request::isProxyTrusted() Chris@0: * [BC BREAK] JsonResponse does not turn a top level empty array to an object anymore, use an ArrayObject to enforce objects Chris@0: * added a IpUtils class to check if an IP belongs to a CIDR Chris@0: * added Request::getRealMethod() to get the "real" HTTP method (getMethod() returns the "intended" HTTP method) Chris@0: * disabled _method request parameter support by default (call Request::enableHttpMethodParameterOverride() to Chris@0: enable it, and Request::getHttpMethodParameterOverride() to check if it is supported) Chris@0: * Request::splitHttpAcceptHeader() method is deprecated and will be removed in 2.3 Chris@0: * Deprecated Flashbag::count() and \Countable interface, will be removed in 2.3 Chris@0: Chris@0: 2.1.0 Chris@0: ----- Chris@0: Chris@0: * added Request::getSchemeAndHttpHost() and Request::getUserInfo() Chris@0: * added a fluent interface to the Response class Chris@0: * added Request::isProxyTrusted() Chris@0: * added JsonResponse Chris@0: * added a getTargetUrl method to RedirectResponse Chris@0: * added support for streamed responses Chris@0: * made Response::prepare() method the place to enforce HTTP specification Chris@0: * [BC BREAK] moved management of the locale from the Session class to the Request class Chris@0: * added a generic access to the PHP built-in filter mechanism: ParameterBag::filter() Chris@0: * made FileBinaryMimeTypeGuesser command configurable Chris@0: * added Request::getUser() and Request::getPassword() Chris@0: * added support for the PATCH method in Request Chris@0: * removed the ContentTypeMimeTypeGuesser class as it is deprecated and never used on PHP 5.3 Chris@0: * added ResponseHeaderBag::makeDisposition() (implements RFC 6266) Chris@0: * made mimetype to extension conversion configurable Chris@0: * [BC BREAK] Moved all session related classes and interfaces into own namespace, as Chris@0: `Symfony\Component\HttpFoundation\Session` and renamed classes accordingly. Chris@0: Session handlers are located in the subnamespace `Symfony\Component\HttpFoundation\Session\Handler`. Chris@0: * SessionHandlers must implement `\SessionHandlerInterface` or extend from the Chris@0: `Symfony\Component\HttpFoundation\Storage\Handler\NativeSessionHandler` base class. Chris@0: * Added internal storage driver proxy mechanism for forward compatibility with Chris@0: PHP 5.4 `\SessionHandler` class. Chris@0: * Added session handlers for custom Memcache, Memcached and Null session save handlers. Chris@0: * [BC BREAK] Removed `NativeSessionStorage` and replaced with `NativeFileSessionHandler`. Chris@0: * [BC BREAK] `SessionStorageInterface` methods removed: `write()`, `read()` and Chris@0: `remove()`. Added `getBag()`, `registerBag()`. The `NativeSessionStorage` class Chris@0: is a mediator for the session storage internals including the session handlers Chris@0: which do the real work of participating in the internal PHP session workflow. Chris@0: * [BC BREAK] Introduced mock implementations of `SessionStorage` to enable unit Chris@0: and functional testing without starting real PHP sessions. Removed Chris@0: `ArraySessionStorage`, and replaced with `MockArraySessionStorage` for unit Chris@0: tests; removed `FilesystemSessionStorage`, and replaced with`MockFileSessionStorage` Chris@0: for functional tests. These do not interact with global session ini Chris@0: configuration values, session functions or `$_SESSION` superglobal. This means Chris@0: they can be configured directly allowing multiple instances to work without Chris@0: conflicting in the same PHP process. Chris@0: * [BC BREAK] Removed the `close()` method from the `Session` class, as this is Chris@0: now redundant. Chris@0: * Deprecated the following methods from the Session class: `setFlash()`, `setFlashes()` Chris@0: `getFlash()`, `hasFlash()`, and `removeFlash()`. Use `getFlashBag()` instead Chris@0: which returns a `FlashBagInterface`. Chris@0: * `Session->clear()` now only clears session attributes as before it cleared Chris@0: flash messages and attributes. `Session->getFlashBag()->all()` clears flashes now. Chris@0: * Session data is now managed by `SessionBagInterface` to better encapsulate Chris@0: session data. Chris@0: * Refactored session attribute and flash messages system to their own Chris@0: `SessionBagInterface` implementations. Chris@0: * Added `FlashBag`. Flashes expire when retrieved by `get()` or `all()`. This Chris@0: implementation is ESI compatible. Chris@0: * Added `AutoExpireFlashBag` (default) to replicate Symfony 2.0.x auto expire Chris@18: behavior of messages auto expiring after one page page load. Messages must Chris@0: be retrieved by `get()` or `all()`. Chris@0: * Added `Symfony\Component\HttpFoundation\Attribute\AttributeBag` to replicate Chris@18: attributes storage behavior from 2.0.x (default). Chris@0: * Added `Symfony\Component\HttpFoundation\Attribute\NamespacedAttributeBag` for Chris@0: namespace session attributes. Chris@0: * Flash API can stores messages in an array so there may be multiple messages Chris@0: per flash type. The old `Session` class API remains without BC break as it Chris@0: will allow single messages as before. Chris@0: * Added basic session meta-data to the session to record session create time, Chris@0: last updated time, and the lifetime of the session cookie that was provided Chris@0: to the client. Chris@0: * Request::getClientIp() method doesn't take a parameter anymore but bases Chris@0: itself on the trustProxy parameter. Chris@0: * Added isMethod() to Request object. Chris@0: * [BC BREAK] The methods `getPathInfo()`, `getBaseUrl()` and `getBasePath()` of Chris@0: a `Request` now all return a raw value (vs a urldecoded value before). Any call Chris@0: to one of these methods must be checked and wrapped in a `rawurldecode()` if Chris@0: needed.