Commits on Nov 29, 2012
  1. Merge branch 'release/2.0.5'

    Release 2.0.5 preparation
    weierophinney committed Nov 29, 2012
  2. [2.0.5] Updated changelog

    weierophinney committed Nov 29, 2012
  3. Merge branch 'security/session-ip-validator'

    Fixes issues with proxy server/ip detection.
    
    Fixes #3095
    
    - However, a different approach is taken than that used in that pull request.
    weierophinney committed Nov 29, 2012
  4. Updated README.md

    - Outlines the security fixes for RemoteAddr session validator and ServerUrl
      view helper.
    weierophinney committed Nov 29, 2012
  5. Honor proxy protocol and port

    - Added support for detecting proxy port and scheme when $useProxy is
      true
    - Moved port and scheme detection to first retrieval
    weierophinney committed Nov 29, 2012
  6. Do not use proxy by default

    - By default, does not search X-Forwarded-Host
      - If "use proxy" flag is enabled, it will
    - Pushed header detection to last possible moment, to allow specifying
      the proxy flag
    weierophinney committed Nov 29, 2012
  7. Abstract remote IP address negotiation

    - Created Zend\Http\PhpEnvironment\RemoteAddress
    - Modified Zend\Session\Validator\RemoteAddr to use the above
    weierophinney committed Nov 29, 2012
  8. Allow specifying proxy header to use

    - Adds setProxyHeader static method, allowing developer to specify which
      header to use when testing for proxies
      - By default uses X-Forwarded-For
      - Normalizes header string name to work with $_SERVER
    weierophinney committed Nov 29, 2012
  9. Allow specifying list of trusted proxy IPs

    - Per http://en.wikipedia.org/wiki/X-Forwarded-For#Format -- trusted
      proxy server IPs should be removed from the list
    weierophinney committed Nov 29, 2012
  10. Fix handling of proxy addresses

    - Never use Client-IP header; untrustworthy
    - When multiple addresses are present in X-Forwarded-For header, use the
      rightmost, not leftmost. See:
    
        http://en.wikipedia.org/wiki/X-Forwarded-For#Format
    weierophinney committed Nov 29, 2012
Commits on Nov 26, 2012
  1. Merge branch 'hotfix/3045'

    Close #3045
    weierophinney committed Nov 26, 2012
  2. [#3045] Rename private variable

    - Remove double underscore prefix
    weierophinney committed Nov 26, 2012
Commits on Nov 21, 2012
  1. Merge commit 'refs/pull/3048/head' of github.com:zendframework/zf2 in…

    …to hotfix/fix-covers-tag
    Maks3w committed Nov 21, 2012
  2. Merge branch 'hotfix/cache-composer'

    Fix composer.json issue
    weierophinney committed Nov 21, 2012
  3. Fixes composer.json for Zend\Cache

    - s/self-version/self.version/
    weierophinney committed Nov 21, 2012
Commits on Nov 20, 2012
  1. Merge branch 'release/2.0.4'

    Preparing for 2.0.4 release
    weierophinney committed Nov 20, 2012
  2. [2.0.4] Updated changelog

    weierophinney committed Nov 20, 2012
  3. Merge branch 'hotfix/3031'

    Close #3031
    Fixes #2579
    Fixes #2999
    weierophinney committed Nov 20, 2012
  4. Zend\Db\Sql

    * A better fix and unit test for #2579 and #2999
    ralphschindler committed Nov 20, 2012
  5. Zend\Db\Sql

    * Added unit test for Zend\Db\Sql\Predicate\Between for ctor boundary checking
    ralphschindler committed Nov 20, 2012