Merge branch '2.6' into 2.7

* 2.6:
  [HttpFoundation] MongoDbSessionHandler::read() now checks for valid session age
  Changed visibility of setUp() and tearDown to protected
  [WebProfilerBundle] Set debug+charset on the ExceptionHandler fallback
  Added default button class
  used HTML5 meta charset tag and removed hardcoded ones
  Revert "bug #13715 Enforce UTF-8 charset for core controllers (WouterJ)"
  fixed XSS in the exception handler
  Php Inspections (EA Extended) - static code analysis includes:
  [2.3] Remove most refs uses
  Test with local components instead of waiting for the subtree-splitter when possible

Conflicts:
	.travis.yml

1 files changed, 1 insertions, 1 deletions

diff --git a/Http/EntryPoint/DigestAuthenticationEntryPoint.php b/Http/EntryPoint/DigestAuthenticationEntryPoint.php
index 8143a41..89f80ad 100644
--- a/Http/EntryPoint/DigestAuthenticationEntryPoint.php
+++ b/Http/EntryPoint/DigestAuthenticationEntryPoint.php
@@ -50,7 +50,7 @@ class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterfac
         $authenticateHeader = sprintf('Digest realm="%s", qop="auth", nonce="%s"', $this->realmName, $nonceValueBase64);
 
         if ($authException instanceof NonceExpiredException) {
-            $authenticateHeader = $authenticateHeader.', stale="true"';
+            $authenticateHeader .= ', stale="true"';
         }
 
         if (null !== $this->logger) {