php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-08-13 22:06:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
20,762 Commits 9 Branches 79 Tags
Commit Graph

44 Commits

Author SHA1 Message Date
Sonia Zorba
2995696db9 Added section about Unsafe Reflection in Security best practices doc (#19948) 
Co-authored-by: Bizley <pawel.bizley@gmail.com>
 2023-09-19 10:24:11 +02:00
Ihor Sychevskyi
b520f57c4e Update protocol links (#19658) 2022-11-06 11:26:43 +04:00
Andrew Dawes
7c26670f4d Fixed several typos and grammar errors (#19639) 2022-10-22 15:35:53 +02:00
Bizley
161526cd41 HTTPS everywhere (#19503) 2022-08-03 12:32:18 +03:00
Ihor Sychevskyi
9bcc8c8e83 update links (en) (#19222) 
Co-authored-by: Bizley <pawel@positive.codes>
 2022-02-12 17:43:48 +01:00
Alexey Rogachev
717a883d58 Fix #19042: Fix broken link (https://owasp.org/index.php/Top_10_2007-Information_Leakage) (#19043) 2021-11-23 21:32:17 +03:00
Ihor Sychevskyi
7d789bd0a6 update Exception Handling link (#19035) 2021-11-22 08:25:26 +01:00
Ihor Sychevskyi
e00b6d607d update SameSite link (#19029) 2021-11-19 10:21:33 +01:00
Ihor Sychevskyi
ac454a90d1 update csrf link (#19023) 2021-11-16 08:39:47 +01:00
Ihor Sychevskyi
8585ba3a18 update SQL Injection link (#19015) 2021-11-12 09:36:01 +01:00
Ihor Sychevskyi
db8de0e57f update Cross Site Scripting link (#19002) 2021-11-08 09:05:50 +01:00
Ihor Sychevskyi
1a571f2c4b update code Injection link (#18999) 2021-11-04 08:48:33 +01:00
Ihor Sychevskyi
817f956013 update Command Injection link (#18989) 2021-10-31 09:10:32 +01:00
Ihor Sychevskyi
577b68b7d5 update Data Validation link (#18980) 2021-10-28 08:01:26 +02:00
Alexander Makarov
6b1750d35f Add note about updating cacert.pem 2021-03-03 15:48:49 +03:00
Alexander Makarov
daafa44d57 Add "Configuring SSL peer validation" to security best practices guide 2021-03-03 03:21:50 +03:00
Nobuo Kihara
4a9c82f9ab Fix typos in documentation, update Japanese translation (#17551) [skip ci] 2019-09-09 17:06:25 +03:00
rhertogh
1ed6ec1e5c Fixes #17353: Added sameSite support for yii\web\Cookie and yii\web\Session::cookieParams 2019-06-11 00:33:36 +03:00
Maxim Tugaev
31d3850a13 Fix typos in docs (#17084) [skip ci] 2019-01-30 01:06:13 +03:00
Carsten Brandt
bbdb3ee722 update CSRF docs 2018-10-05 11:14:04 +02:00
paresh27
96a0372ec1 Update security-best-practices.md (#16036) [skip ci] 2018-04-04 16:14:42 +03:00
Angel Guevara
519753d868 Added missing parts of disabling CSRF validation doc [skip ci] (#13966) 2017-04-12 01:55:13 +03:00
Alexey Rogachev
9445e5508b Fixes #10675: Added docs for disabling CSRF validation in standalone actions 2017-04-11 02:05:36 +03:00
Carsten Brandt
5727699445 Aadded OWASP references to security guide (#13667) [skip ci] 
Currently security guide is very thrifty with information on what a topic is about. So for beginners it is not clear why something like CSRF or XSS protection is even needed.

I added a few reference links to allow reading about more background behind the topics.
 2017-02-27 11:31:04 +03:00
Robert Korulczyk
35998449eb Add yii\filters\HostControl::$fallbackHostInfo (#13117) 2016-12-03 08:25:39 +02:00
Klimov Paul
7da77c3d5a created HostControl filter to prevent Host header attacks 
fixes #13050
close #13063
 2016-12-01 00:59:26 +01:00
Carsten Brandt
a498dedb5c Added documentation about Host header attack (#13073) 
* Added documentation about Host header attack

Added info about Host header attack (#13050) to the guide and the Request class.
When we introduce a filter or property to protect against this, these
sections should be updated to link to that option.
 2016-11-26 21:57:52 +01:00
Alexey Rogachev
f4e54a1b5a Fixed typo in get parameter in docs [skip ci] (#13066) 2016-11-24 11:52:44 +03:00
SilverFire - Dmitry Naumenko
685f16e8ef 📖 Updated guide pages - wrap true, false, null 2016-09-20 10:49:15 +03:00
Dmitriy Makarov
383de6f051 📖 Fix typo [skip ci] 2016-08-25 08:23:11 +03:00
Alexander Makarov
63cac32fbc Cleaned up security guide 2016-05-01 00:19:55 +03:00
Alexander Makarov
9a842d25e5 Better docs wording as suggested in 752d537998f71a568a035a3ac69e69f2c4a8f22b 2016-04-30 19:18:59 +03:00
Alexander Makarov
752d537998 Fixes #11367: mentioned securing connection with TLS in security best practices 2016-04-30 17:35:55 +03:00
Dmitry Naumenko
9f1a0aed3d Text style fixes 2015-05-12 11:36:25 +03:00
Dmitry Naumenko
65048c87ed Updated guide/security-best-practices 
A little bit more information about the CSRF
 2015-05-12 11:05:34 +03:00
Nobuo Kihara
82036a9841 docs/guide/security-best-practices.md - small fix [ci skip] 2015-02-21 17:31:47 +09:00
Alexander Makarov
c8e56d178b Added intro to CSRF to security-best-practices 2015-02-19 22:44:57 +03:00
alejandrochen
f8971c7644 Update security-best-practices.md 
proerly -> properly
 2015-02-11 15:57:01 -03:00
Nobuo Kihara
5549149433 docs/guide/security-best-practices.md - minor fix [ci skip] 2014-12-23 08:26:21 +09:00
Alexander Makarov
37ec930feb Added note on how to deal with filtering column names 2014-12-17 16:32:10 +03:00
Alexander Makarov
874c6331d2 A plan on security guide CSRF section 2014-12-14 23:51:14 +03:00
pana1990
0f0d9020b3 fix mistake small [skip ci] 2014-12-14 18:01:41 +01:00
Alexander Makarov
996856c04c Security best practices guide 2014-12-14 18:34:20 +03:00
Carsten Brandt
d68d8628fa created stub documentation files for TDB sections 
to avoid issues about 404 links in the guide
 2014-10-18 18:58:59 +02:00