Merge branch '2.5' into 2.6

fabpot · fabpot · commit 73461e3f87d8 · 2015-01-07T15:31:37.000+01:00
* 2.5:
  bumped Symfony version to 2.5.10
  updated VERSION for 2.5.9
  updated CHANGELOG for 2.5.9
  bumped Symfony version to 2.3.25
  updated VERSION for 2.3.24
  update CONTRIBUTORS for 2.3.24
  Removed unneeded version requirements
  updated CHANGELOG for 2.3.24
  fixed tests
  [Security] Don't destroy the session on buggy php releases.

Conflicts:
	src/Symfony/Component/HttpKernel/Kernel.php
diff --git a/Http/Session/SessionAuthenticationStrategy.php b/Http/Session/SessionAuthenticationStrategy.php
@@ -47,7 +47,10 @@ public function onAuthentication(Request $request, TokenInterface $token)
                 return;
 
             case self::MIGRATE:
-                $request->getSession()->migrate(true);
+                // Destroying the old session is broken in php 5.4.0 - 5.4.10
+                // See php bug #63379
+                $destroy = PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411;
+                $request->getSession()->migrate($destroy);
 
                 return;
 
diff --git a/Http/Tests/Session/SessionAuthenticationStrategyTest.php b/Http/Tests/Session/SessionAuthenticationStrategyTest.php
@@ -39,13 +39,30 @@ public function testUnsupportedStrategy()
 
     public function testSessionIsMigrated()
     {
+        if (PHP_VERSION_ID >= 50400 && PHP_VERSION_ID < 50411) {
+            $this->markTestSkipped('We cannot destroy the old session on PHP 5.4.0 - 5.4.10.');
+        }
+
         $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
         $session->expects($this->once())->method('migrate')->with($this->equalTo(true));
 
         $strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);
         $strategy->onAuthentication($this->getRequest($session), $this->getToken());
     }
 
+    public function testSessionIsMigratedWithPhp54Workaround()
+    {
+        if (PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411) {
+            $this->markTestSkipped('This PHP version is not affected.');
+        }
+
+        $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
+        $session->expects($this->once())->method('migrate')->with($this->equalTo(false));
+
+        $strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);
+        $strategy->onAuthentication($this->getRequest($session), $this->getToken());
+    }
+
     public function testSessionIsInvalidated()
     {
         $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
