Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Nov 29, 2012
  1. Matthew Weier O'Phinney

    Merge branch 'release/2.0.5'

    weierophinney authored
    Release 2.0.5 preparation
  2. Matthew Weier O'Phinney
  3. Matthew Weier O'Phinney
  4. Matthew Weier O'Phinney

    Merge branch 'security/session-ip-validator'

    weierophinney authored
    Fixes issues with proxy server/ip detection.
    
    Fixes #3095
    
    - However, a different approach is taken than that used in that pull request.
  5. Matthew Weier O'Phinney

    Updated README.md

    weierophinney authored
    - Outlines the security fixes for RemoteAddr session validator and ServerUrl
      view helper.
  6. Matthew Weier O'Phinney

    Honor proxy protocol and port

    weierophinney authored
    - Added support for detecting proxy port and scheme when $useProxy is
      true
    - Moved port and scheme detection to first retrieval
  7. Matthew Weier O'Phinney

    Do not use proxy by default

    weierophinney authored
    - By default, does not search X-Forwarded-Host
      - If "use proxy" flag is enabled, it will
    - Pushed header detection to last possible moment, to allow specifying
      the proxy flag
  8. Matthew Weier O'Phinney

    Abstract remote IP address negotiation

    weierophinney authored
    - Created Zend\Http\PhpEnvironment\RemoteAddress
    - Modified Zend\Session\Validator\RemoteAddr to use the above
  9. Matthew Weier O'Phinney

    Allow specifying proxy header to use

    weierophinney authored
    - Adds setProxyHeader static method, allowing developer to specify which
      header to use when testing for proxies
      - By default uses X-Forwarded-For
      - Normalizes header string name to work with $_SERVER
  10. Matthew Weier O'Phinney

    Allow specifying list of trusted proxy IPs

    weierophinney authored
    - Per http://en.wikipedia.org/wiki/X-Forwarded-For#Format -- trusted
      proxy server IPs should be removed from the list
  11. Matthew Weier O'Phinney

    Fix handling of proxy addresses

    weierophinney authored
    - Never use Client-IP header; untrustworthy
    - When multiple addresses are present in X-Forwaded-For header, use the
      rightmost, not leftmost. See:
    
        http://en.wikipedia.org/wiki/X-Forwarded-For#Format
Commits on Nov 26, 2012
  1. Matthew Weier O'Phinney

    Merge branch 'hotfix/3045'

    weierophinney authored
    Close #3045
  2. Matthew Weier O'Phinney

    [#3045] Rename private variable

    weierophinney authored
    - Remove double underscore prefix
  3. Matthew Weier O'Phinney
Commits on Nov 21, 2012
  1. Maks3w
  2. Maks3w
  3. Maks3w
  4. Maks3w

    Merge commit 'refs/pull/3048/head' of github.com:zendframework/zf2 in…

    Maks3w authored
    …to hotfix/fix-covers-tag
  5. Maks3w
  6. Marco Pivetta
  7. Enrico Zimuel
  8. Abdul Malik Ikhsan
  9. Abdul Malik Ikhsan
  10. Matthew Weier O'Phinney

    Merge branch 'hotfix/cache-composer'

    weierophinney authored
    Fix composer.json issue
  11. Matthew Weier O'Phinney

    Fixes composer.json for Zend\Cache

    weierophinney authored
    - s/self-version/self.version/
Commits on Nov 20, 2012
  1. Matthew Weier O'Phinney
  2. Matthew Weier O'Phinney
  3. Matthew Weier O'Phinney

    Merge branch 'release/2.0.4'

    weierophinney authored
    Preparing for 2.0.4 release
  4. Matthew Weier O'Phinney
  5. Matthew Weier O'Phinney
  6. Matthew Weier O'Phinney

    Merge branch 'hotfix/3031'

    weierophinney authored
    Close #3031
    Fixes #2579
    Fixes #2999
  7. Ralph Schindler

    Zend\Db\Sql

    ralphschindler authored
    * A better fix and unit test for #2579 and #2999
  8. Ralph Schindler

    Zend\Db\Sql

    ralphschindler authored
    * Added unit test for Zend\Db\Sql\Predicate\Between for ctor boundary checking
  9. Ralph Schindler
  10. Enrico Zimuel
Something went wrong with that request. Please try again.