Commits on May 11, 2015
  1. @weierophinney

    Fix CS issue

    weierophinney committed
  2. @weierophinney

    [2.4.2] Release readiness

    weierophinney committed
    - Updated README with version, date, and important changes
    - Updated CHANGELOG with fixed issues
    - Updated VERSION constant
  3. @weierophinney

    Merge branch 'hotfix/7513' into develop

    weierophinney committed
    Forward port #7513
  4. @weierophinney

    Merge branch 'hotfix/7513'

    weierophinney committed
    Close #7513
    Fixes #7512
  5. @weierophinney

    Merge pull request #7513 from Maks3w/hotfix/ldap-converter-exception

    weierophinney committed
    [ldap] Fix exceptions while parsing are not captured.
  6. @weierophinney

    Merge branch 'hotfix/7503' into develop

    weierophinney committed
    Forward port #7503
  7. @weierophinney

    Merge branch 'hotfix/7503'

    weierophinney committed
    Close #7514
    Fixes #7503
  8. @weierophinney

    [#7503] Pass the `\r\n` sequence to Part::getHeadersAsArray()

    weierophinney committed
    Per the gist provided by @Qronicle, I've created a unit test against
    `Zend\Mail\Message`, and a proposed fix.
    
    `Zend\Mime\Part::getHeadersAsArray()` accepts an optional argument, the line
    separator sequence. This defaults to `\n`, but for mail messages, should be
    `\r\n`. The proposed patch passes that argument when retrieving MIME headers to
    include in the mail message.
  9. @Maks3w
Commits on May 8, 2015
  1. @weierophinney

    Merge branch 'hotfix/7507' into develop

    weierophinney committed
    Forward port #7507
  2. @weierophinney

    Merge branch 'hotfix/7507'

    weierophinney committed
    Close #7507
    Fixes #7502
    Fixes #7505
  3. @weierophinney
  4. @weierophinney

    Merge pull request #7507 from Maks3w/hotfix/http-cookie

    weierophinney committed
    [http] Allow serialize any character on cookies
  5. @weierophinney

    Merge branch 'hotfix/7506' into develop

    weierophinney committed
    Forward port #7506
  6. @weierophinney

    Merge branch 'hotfix/7506'

    weierophinney committed
    Close #7506
  7. @weierophinney

    CS and review

    weierophinney committed
    - Fixed CS issues reported by php-cs-fixer
    - Return without re-assignment where possible
    - Remove else statements when conditional returns
    - Consistency
  8. @weierophinney

    Merge pull request #7506 from Maks3w/hotfix/mail-utf8

    weierophinney committed
    [mail] Fix set UTF-8 values to headers. Fix #7501
  9. @Maks3w

    Fix wrong tests

    Maks3w committed
  10. @weierophinney

    Merge pull request #7506 from Maks3w/hotfix/mail-utf8

    weierophinney committed
    [mail] Fix set UTF-8 values to headers. Fix #7501
  11. @Maks3w
  12. @Maks3w

    Fix tests

    Maks3w committed
  13. @Maks3w
  14. @Maks3w

    Apply feedback

    Maks3w committed
  15. @Maks3w

    Fix docblock

    Maks3w committed
  16. @Maks3w
  17. @Maks3w
Commits on May 7, 2015
  1. @weierophinney

    Merge branch 'version/bump' into develop

    weierophinney committed
    Bump to next dev version
    
    Conflicts:
    	README.md
    	library/Zend/Version/Version.php
  2. @weierophinney

    Merge branch 'version/bump'

    weierophinney committed
    Bump to 2.4.2dev
  3. @weierophinney

    Bump to next dev version

    weierophinney committed
    2.4.2dev
  4. @weierophinney

    Merge branch 'releases/2.4.1' into develop

    weierophinney committed
    2.4.1 release readiness
    
    Conflicts:
    	README.md
    	library/Zend/Version/Version.php
  5. @weierophinney

    Merge branch 'releases/2.4.1'

    weierophinney committed
    2.4.1 release readiness
  6. @weierophinney

    [2.4.1] Release readiness

    weierophinney committed
    - Updated README with details on ZF2015-04, new version, and release date.
    - Updated CHANGELOG with new version and date, and details on ZF2015-04.
    - Updated VERSION constant to 2.4.1.
  7. @weierophinney
  8. @weierophinney

    Merge branch 'security/zf2015-04'

    weierophinney committed
    ZF2015-04
  9. @weierophinney

    [ZF2015-04] Prevent HTTP Response Splitting and Mail Message Splitting vectors

    Zend Framework Security Team committed with weierophinney
    
    This patch implements a layered approach for detecting and preventing CRLF
    Injection Attacks in the `Zend\Http` and `Zend\Mail` components. The approach
    provides utilities in each component for the following:
    
    - validating that header values follow the appropriate specification with
      regards to allowed characters and multiline sequences (header folding).
    - filtering header values according to the appropriate specification; the
      filtering provided is lossy, and removes any invalid characters.
    - asserting a header value is valid (essentially, raising an exception when
      invalid).
    
    All header classes have been updated to validate values (and, in the case of
    `Zend\Mail`, the header names as well), and to raise an exception for invalid
    cases. This treatment also applies to deserialization.
    
    Users must now perform one or more of the following in order to deal with
    invalid headers:
    
    - Wrap header operations in a try/catch block.
    - Perform a validation check prior to executing a header operation.
    - Filter values passed to header operations.
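
The three layers the ZF2015-04 commit message describes (validate, filter, assert), sketched as an added example; this is not code from the patch or from Zend Framework. The function names and the simplified character rule (tab, printable ASCII, and CRLF only as header folding) are assumptions made for illustration.

```php
<?php
// Added illustration. Function names are hypothetical, not Zend Framework's API.
// Assumed rule: a value may hold tab, printable ASCII (0x20-0x7E), and CRLF only
// when it is header folding, i.e. immediately followed by a space or tab.
const VALID_TOKEN = '\r\n[ \t]|[\x09\x20-\x7E]';

// Layer 1: validate. True only if the whole value is made of valid tokens.
function isValidHeaderValue(string $value): bool
{
    return preg_match('/^(?:' . VALID_TOKEN . ')*$/D', $value) === 1;
}

// Layer 2: filter. Lossy: keeps valid tokens, silently drops everything else.
function filterHeaderValue(string $value): string
{
    preg_match_all('/' . VALID_TOKEN . '/', $value, $matches);
    return implode('', $matches[0]);
}

// Layer 3: assert. Raises an exception when the value is invalid.
function assertValidHeaderValue(string $value): void
{
    if (!isValidHeaderValue($value)) {
        throw new InvalidArgumentException('Invalid header value');
    }
}

// Constructed inputs: a folded value (legal) and one carrying a bare CRLF that
// would start a second header line if written out unchecked.
$folded   = "first line\r\n second line";
$injected = "Hello\r\nX-Injected: 1";

// Caller option: validation check before the header operation.
var_dump(isValidHeaderValue($folded));
var_dump(isValidHeaderValue($injected));

// Caller option: filter the value first. The CR and LF are dropped, so the
// result stays on one header line.
var_dump(filterHeaderValue($injected));

// Caller option: wrap the header operation in try/catch.
try {
    assertValidHeaderValue($injected);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Because the filter is lossy, the filtered value can differ in meaning from the input; rejecting with the assert layer is the stricter choice when the value comes from an untrusted source.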