97a4d711ec
Merge branch 'master' into sync-master-2052.
2025-04-26 19:03:07 -04:00
3fa2d61e54
Fix #20175 : Fix bad result for pagination when used with GridView
2024-06-08 10:29:40 +03:00
52e4a3e645
release version 2.0.50
2024-05-30 20:23:31 +03:00
20d6c65db2
Merge branch 'master' into sync-to-master.
2024-03-20 06:11:31 -03:00
e2a167028b
Upgrade to PSR12 coding standard ( #20121 )
2024-03-19 17:21:27 +03:00
41c206d0d7
Remove deprecated methods to Security::class.
2023-09-21 10:38:15 -03:00
161526cd41
HTTPS everywhere ( #19503 )
2022-08-03 12:32:18 +03:00
4628b91e73
Fix types ( #19332 )
...
* Migration::upsert() returns void
* Unneeded `@property` tags
* Add missing `null` param/return types
* Null types for db\Query + db\ActiveQuery
* Fixed testSelect
2022-03-30 18:40:10 +02:00
1271bc419f
Fix #19041 : Fix PHP 8.1 issues
2022-01-14 13:52:01 +03:00
0041f034fd
[doc] Update PHP doc links ( #18957 )
...
* Replace https://secure.php.net with https://www.php.net
* Replace http://www.php.net with https://www.php.net
2021-10-19 14:50:26 +02:00
13f27e4d92
Fix #18817 : Use paragonie/random_compat for random bytes and int generation
2021-08-09 10:25:36 +03:00
700ac02706
release version 2.0.36
2020-07-08 00:45:32 +03:00
7eb184eadb
Fix #17999 : Fix skipping test case on PHP v >= 7.1 and LibreSSL version >= 2.15
2020-07-01 00:14:57 +03:00
e153c68768
Fix #17725 : Ensure we do not use external polyfills for pbkdf2() as these may be implemented incorrectly
2019-12-11 18:55:35 +03:00
331d997185
Noted in Security::encrypt* that data returned is byte string [skip ci]
2019-07-12 15:13:53 +03:00
bdb7c64910
Update to https protocol for php.net links ( #17168 ) [skip ci]
...
* Updated php.net link for some MemCache properties [skip ci]
* Changed protocol to https for links to php.net in comments
* Changed protocol to https for links to php.net in code
* Changed www.php.net (http) to secure.php.net (https) in comments
* Changed www.php.net (http) to secure.php.net (https) in code
* Changed protocol to https for links to php.net in UPGRADE.md
* Changed protocol to https for links to pecl.php.net in comments
* Changed us.php.net to secure.php.net (https) in comments
* Changed protocol to https for links to php.net in docs
* Changed www.php.net (http) to secure.php.net (https) in docs
* Changed protocol to https for links to pecl.php.net in docs
* Changed ru/jp.php.net to secure.php.net (https) in docs
Don't sure about russian guide: is this links meant to be for guide on russian, or not?
2019-02-28 13:09:27 +03:00
e6f5c46cdc
Fixes #15633 : Deprecate some things going away/changing in 2.1
...
- Deprecated `yii\base\BaseObject::className()` in favor of native PHP syntax `::class`, which does not trigger autoloading
- Deprecated XCache and Zend data cache support as caching backends
- Deprecated `yii\BaseYii::powered()` method
- Added `yii\base\InvalidArgumentException` and deprecated `yii\base\InvalidParamException`
- Added `yii\BaseYii::debug()` and deprecated `yii\BaseYii::trace()`
2018-02-11 01:48:29 +03:00
d7be512fa0
Fixes #10186 : Use native hash_equals in yii\base\Security::compareString() if available, throw exception if non-strings are compared
2018-01-18 01:58:32 +03:00
533f9edd35
generatePasswordHash() documentation example syntax error fixed
2018-01-05 17:47:20 +05:30
05f197825b
Fixes #15332 : Always check for availability of openssl_pseudo_random_bytes, even if LibreSSL is available
2017-12-12 11:25:12 +03:00
1501c659ac
Add empty lines before return statements. ( #14682 ) [skip ci]
2017-08-21 01:58:49 +03:00
ba0ab403b5
Added php-cs-fixer coding standards validation to Travis CI ( #14100 )
...
* php-cs-fixer: PSR2 rule.
* php-cs-fixer: PSR2 rule - fix views.
* Travis setup refactoring.
* Add php-cs-fixer to travis cs tests.
* Fix tests on hhvm-3.12
* improve travis config
* composer update
* revert composer update
* improve travis config
* Fix CS.
* Extract config to separate classes.
* Extract config to separate classes.
* Add file header.
* Force short array syntax.
* binary_operator_spaces fixer
* Fix broken tests
* cast_spaces fixer
* concat_space fixer
* dir_constant fixer
* ereg_to_preg fixer
* function_typehint_space fixer
* hash_to_slash_comment fixer
* is_null fixer
* linebreak_after_opening_tag fixer
* lowercase_cast fixer
* magic_constant_casing fixer
* modernize_types_casting fixer
* native_function_casing fixer
* new_with_braces fixer
* no_alias_functions fixer
* no_blank_lines_after_class_opening fixer
* no_blank_lines_after_phpdoc fixer
* no_empty_comment fixer
* no_empty_phpdoc fixer
* no_empty_statement fixer
* no_extra_consecutive_blank_lines fixer
* no_leading_import_slash fixer
* no_leading_namespace_whitespace fixer
* no_mixed_echo_print fixer
* no_multiline_whitespace_around_double_arrow fixer
* no_multiline_whitespace_before_semicolons fixer
* no_php4_constructor fixer
* no_short_bool_cast fixer
* no_singleline_whitespace_before_semicolons fixer
* no_spaces_around_offset fixer
* no_trailing_comma_in_list_call fixer
* no_trailing_comma_in_singleline_array fixer
* no_unneeded_control_parentheses fixer
* no_unused_imports fixer
* no_useless_return fixer
* no_whitespace_before_comma_in_array fixer
* no_whitespace_in_blank_line fixer
* not_operator_with_successor_space fixer
* object_operator_without_whitespace fixer
* ordered_imports fixer
* php_unit_construct fixer
* php_unit_dedicate_assert fixer
* php_unit_fqcn_annotation fixer
* phpdoc_indent fixer
* phpdoc_no_access fixer
* phpdoc_no_empty_return fixer
* phpdoc_no_package fixer
* phpdoc_no_useless_inheritdoc fixer
* Fix broken tests
* phpdoc_return_self_reference fixer
* phpdoc_single_line_var_spacing fixer
* phpdoc_single_line_var_spacing fixer
* phpdoc_to_comment fixer
* phpdoc_trim fixer
* phpdoc_var_without_name fixer
* psr4 fixer
* self_accessor fixer
* short_scalar_cast fixer
* single_blank_line_before_namespace fixer
* single_quote fixer
* standardize_not_equals fixer
* ternary_operator_spaces fixer
* trailing_comma_in_multiline_array fixer
* trim_array_spaces fixer
* protected_to_private fixer
* unary_operator_spaces fixer
* whitespace_after_comma_in_array fixer
* `parent::setRules()` -> `$this->setRules()`
* blank_line_after_opening_tag fixer
* Update finder config.
* Revert changes for YiiRequirementChecker.
* Fix array formatting.
* Add missing import.
* Fix CS for new code merged from master.
* Fix some indentation issues.
2017-06-12 12:25:45 +03:00
950e895fe0
Fix phpDocumentor annotations ( #13905 ) [skip ci]
2017-04-02 21:49:09 +03:00
8ae207c3a1
Fixes #13837 : Refactored masking of CSRF tokens
2017-04-02 02:10:16 +03:00
953a0bba2b
Fixes #13650 : Improved yii\base\Security::hkdf() to take advantage of native hash_hkdf() implementation in PHP >= 7.1.2
2017-02-27 13:32:48 +03:00
953c4a8e5a
Fixes #13407 : Added URL-safe base64 encode/decode methods to StringHelper
2017-02-22 16:54:27 +03:00
b8b3aeeb00
update deprecated phpdoc messages
2016-11-22 16:03:28 +01:00
7a3a342127
Fix errors reported by apidoc extension. ( #12986 )
2016-11-13 14:51:21 +01:00
4aa935e69e
Fixes #12055 : Changed boolean to bool and integer to int in phpdoc
2016-11-07 02:51:39 +03:00
32f4dc8997
Fixes #5385 : links created from classes to corresponding guide articles ( #12920 )
2016-11-04 18:55:14 +03:00
6c1fe1a137
Update Security.php
...
Corrected description for method decryptByKey().
2016-09-15 13:45:45 -03:00
e94b68436d
complete test coverage for reading /dev/urandom
...
fixes an issue with buffered reading
2016-04-28 11:45:37 +02:00
f2f082dbab
moved checks before random_bytes() to have consistent behavior accross php versions
2016-04-28 04:16:22 +02:00
0c6c1eebd1
Better buffer usage description as suggested by @tom--
...
https://github.com/yiisoft/yii2/pull/11285#discussion_r59960199
2016-04-16 12:45:23 +03:00
6a80a132e2
Converted constant into local variable #11285
2016-04-12 16:34:47 +03:00
81b18e1538
Fixed variable name
2016-04-06 10:59:17 +03:00
371440d59a
More Security component enhancements
...
- Removed PHP version checks since both are met by default because Yii requires 5.4.0+.
- Limit PHP fread buffer in order to prevent entropy wasting.
- Fixed incorrect bytes to read calculation.
- Added more notes explaining decisions.
2016-04-06 03:35:52 +03:00
c455a3c54b
Security component enhancements
...
- Added tests for random key generation speed.
- Better generateRandomKey() performance for small reads because of using fopen + buffered read and local caching of source detection.
- Use /dev/random on FreeBSD.
2016-04-06 01:49:07 +03:00
191f2a4943
fixed phpdoc type names
2016-02-25 20:24:32 +01:00
f620f4de90
phpdoc fixes
2016-02-07 19:48:13 +01:00
40fc49bf16
remove obsolete @throw tags
2016-01-04 15:08:04 -05:00
ba19858e58
move private state var also
2015-12-20 21:28:03 -05:00
83b61eae43
move "private" consts before generateRandomKey()
2015-12-20 21:25:33 -05:00
358e9115ed
comment lstat
2015-12-20 21:21:34 -05:00
e7a888ad11
use file_get_contents and not magic numbers
2015-12-20 11:48:36 -05:00
1f41a2c9af
Fixes #9878,9879,9880: Make \base\Security use random_bytes(), LibreSSL, mcrypt, limit OpenSSL to Windows, and to prefer password_hash() over crypt()
2015-12-19 13:13:23 +03:00
cd87d67f34
Global DOCS update: ~~~ replaced with ```
2015-12-02 23:15:28 +02:00
e1509bfe73
Fix methods references
2015-11-25 12:04:43 +02:00
6d9fe671de
various code style and whitespace adjustments
2015-08-02 00:27:19 +02:00
6a4436f95b
[ Fixes #9177 ] Password Hash Cost setting for Security component
2015-07-23 09:09:55 +02:00
