Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Nov 29, 2012
  1. @weierophinney

    Merge branch 'release/2.0.5'

    weierophinney authored
    Release 2.0.5 preparation
  2. @weierophinney
  3. @weierophinney
  4. @weierophinney

    Merge branch 'security/session-ip-validator'

    weierophinney authored
    Fixes issues with proxy server/ip detection.
    
    Fixes #3095
    
    - However, a different approach is taken than that used in that pull request.
  5. @weierophinney

    Updated README.md

    weierophinney authored
    - Outlines the security fixes for RemoteAddr session validator and ServerUrl
      view helper.
  6. @weierophinney

    Honor proxy protocol and port

    weierophinney authored
    - Added support for detecting proxy port and scheme when $useProxy is
      true
    - Moved port and scheme detection to first retrieval
  7. @weierophinney

    Do not use proxy by default

    weierophinney authored
    - By default, does not search X-Forwarded-Host
      - If "use proxy" flag is enabled, it will
    - Pushed header detection to last possible moment, to allow specifying
      the proxy flag
  8. @weierophinney

    Abstract remote IP address negotiation

    weierophinney authored
    - Created Zend\Http\PhpEnvironment\RemoteAddress
    - Modified Zend\Session\Validator\RemoteAddr to use the above
  9. @weierophinney

    Allow specifying proxy header to use

    weierophinney authored
    - Adds setProxyHeader static method, allowing developer to specify which
      header to use when testing for proxies
      - By default uses X-Forwarded-For
      - Normalizes header string name to work with $_SERVER
  10. @weierophinney

    Allow specifying list of trusted proxy IPs

    weierophinney authored
    - Per http://en.wikipedia.org/wiki/X-Forwarded-For#Format -- trusted
      proxy server IPs should be removed from the list
  11. @weierophinney

    Fix handling of proxy addresses

    weierophinney authored
    - Never use Client-IP header; untrustworthy
    - When multiple addresses are present in X-Forwaded-For header, use the
      rightmost, not leftmost. See:
    
        http://en.wikipedia.org/wiki/X-Forwarded-For#Format
Commits on Nov 26, 2012
  1. @weierophinney

    Merge branch 'hotfix/3045'

    weierophinney authored
    Close #3045
  2. @weierophinney

    [#3045] Rename private variable

    weierophinney authored
    - Remove double underscore prefix
  3. @weierophinney
Commits on Nov 21, 2012
  1. @Maks3w
  2. @Maks3w
  3. @Maks3w
  4. @Maks3w

    Merge commit 'refs/pull/3048/head' of github.com:zendframework/zf2 in…

    Maks3w authored
    …to hotfix/fix-covers-tag
  5. @Maks3w
  6. @Ocramius
  7. @ezimuel
  8. @samsonasik
  9. @samsonasik
  10. @weierophinney

    Merge branch 'hotfix/cache-composer'

    weierophinney authored
    Fix composer.json issue
  11. @weierophinney

    Fixes composer.json for Zend\Cache

    weierophinney authored
    - s/self-version/self.version/
Commits on Nov 20, 2012
  1. @weierophinney
  2. @weierophinney
  3. @weierophinney

    Merge branch 'release/2.0.4'

    weierophinney authored
    Preparing for 2.0.4 release
  4. @weierophinney
  5. @weierophinney
  6. @weierophinney

    Merge branch 'hotfix/3031'

    weierophinney authored
    Close #3031
    Fixes #2579
    Fixes #2999
  7. @ralphschindler

    Zend\Db\Sql

    ralphschindler authored
    * A better fix and unit test for #2579 and #2999
  8. @ralphschindler

    Zend\Db\Sql

    ralphschindler authored
    * Added unit test for Zend\Db\Sql\Predicate\Between for ctor boundary checking
  9. @ralphschindler
  10. @ezimuel
Something went wrong with that request. Please try again.