Merge branch '2.1'

* 2.1: added a warning about a security issue when using the _internal route updated VENDORS for 2.1.5 updated vendors to dev branches updated VENDORS for 2.0.20 added default configuration for trusted proxies Add a note to the 2.0 -> 2.1 upgrade guide about completing all steps before running composer install updated VENDORS for 2.1.4 updated vendors to dev branches updated VENDORS for 2.0.19 Conflicts: app/config/config.yml composer.lock
gnat42 · Dec 20, 2012 · c99acc8 · c99acc8
2 parents 99f74db + 1a13f1a
commit c99acc8
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 5 deletions.
diff --git a/UPGRADE.md b/UPGRADE.md
@@ -32,6 +32,8 @@ Finally, run Composer:
 
     $ composer.phar install
 
+Note: You must complete the upgrade steps below so composer can successfully generate the autoload files.
+
 ### `app/autoload.php`
 
 The default `autoload.php` reads as follows (it has been simplified a lot as

diff --git a/app/SymfonyRequirements.php b/app/SymfonyRequirements.php
@@ -500,9 +500,9 @@ function_exists('simplexml_import_dom'),
         $pcreVersion = defined('PCRE_VERSION') ? (float) PCRE_VERSION : null;
 
         $this->addRequirement(
-            null !== $pcreVersion && $pcreVersion > 8.0,
-            sprintf('PCRE extension must be available and at least 8.0 (%s installed)', $pcreVersion ? $pcreVersion : 'not'),
-            'Upgrade your <strong>PCRE</strong> extension (8.0+).'
+            null !== $pcreVersion,
+            'PCRE extension must be available',
+            'Install the <strong>PCRE</strong> extension (version 8.0+).'
         );
 
         /* optional recommendations follow */
@@ -531,6 +531,14 @@ function_exists('simplexml_import_dom'),
             'Your project might not work properly due to the PHP bug #61453 ("Cannot dump definitions which have method calls"). Install PHP 5.4.1 or newer.'
         );
 
+        if (null !== $pcreVersion) {
+            $this->addRecommendation(
+                $pcreVersion >= 8.0,
+                sprintf('PCRE extension should be at least version 8.0 (%s installed)', $pcreVersion),
+                '<strong>PCRE 8.0+</strong> is preconfigured in PHP since 5.3.2 but you are using an outdated version of it. Symfony probably works anyway but it is recommended to upgrade your PCRE extension.'
+            );
+        }
+
         $this->addRecommendation(
             class_exists('DomDocument'),
             'PHP-XML module should be installed',

diff --git a/app/config/config.yml b/app/config/config.yml
@@ -13,8 +13,8 @@ framework:
     csrf_protection: true
     validation:      { enable_annotations: true }
     templating:      { engines: ['twig'] } #assets_version: SomeVersionScheme
-    default_locale:  %locale%
-    trust_proxy_headers: false # Whether or not the Request object should trust proxy headers (X_FORWARDED_FOR/HTTP_CLIENT_IP)
+    default_locale:  "%locale%"
+    trusted_proxies: ~
     session:         ~
 
 # Twig Configuration

diff --git a/app/config/routing.yml b/app/config/routing.yml
@@ -1,4 +1,8 @@
 # Internal routing configuration to handle ESI
+# ****** WARNING ******
+# This route should be enabled with caution as it can open a security vulnerability
+# see http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released for more information
+# ****** WARNING ******
 #_internal:
 #    resource: "@FrameworkBundle/Resources/config/routing/internal.xml"
 #    prefix:   /_internal