193 Commits

Author SHA1 Message Date
473ead8e46 Optimize: simplified regexp (#19541) 2022-09-06 09:42:58 +03:00
22614a5b1f release version 2.0.46 2022-08-19 01:18:45 +03:00
161526cd41 HTTPS everywhere (#19503) 2022-08-03 12:32:18 +03:00
827db6c90e Revert "Fix #19290: Fix Request::getHostInfo() doesn’t return the port if a Host header is used"
This reverts commit 8046d3a50f207e1033e1b23ff571da5bced0c822.
2022-07-01 10:28:31 +03:00
45519d3c18 Fix #19437: Add support to specify request port by trusted proxies in \yii\web\Request::getServerPort() 2022-06-17 20:18:18 +03:00
e39e744b45 Fix #19384: Normalize setBodyParams() and getBodyParam() in yii\web\Request 2022-05-23 10:39:33 +04:00
8046d3a50f Fix #19290: Fix Request::getHostInfo() doesn’t return the port if a Host header is used 2022-04-16 00:37:55 +04:00
4628b91e73 Fix types (#19332)
* Migration::upsert() returns void

* Unneeded `@property` tags

* Add missing `null` param/return types

* Null types for db\Query + db\ActiveQuery

* Fixed testSelect
2022-03-30 18:40:10 +02:00
0792736b35 release version 2.0.45 2022-02-11 16:12:40 +03:00
1271bc419f Fix #19041: Fix PHP 8.1 issues 2022-01-14 13:52:01 +03:00
655786b7ed release version 2.0.44 2021-12-30 10:50:56 +03:00
552593ca3b Prepare for new apidoc (part 2) (#19010)
* Fix broken links for events with different namespace
* Fix broken links in see tag
* Fix broken links in see tag (loadData())
* Fix broken link for var_export()
* Fix broken link for CVE
* Remove redundant markdown link wrap in see tags
* Remove see tags that refer to private properties
* Remove more see tags that refer to private properties
* Remove see tags that refer to private methods
* Remove one more redundant markdown link wrap in see tag [skip ci]
* Fix typo in see tag (causes broken link)
* Remove more see tags that refer to private methods
2021-11-18 10:10:09 +03:00
fa6f0ef658 Fix variable references in phpdoc (#19006) 2021-11-10 13:26:55 +03:00
0041f034fd [doc] Update PHP doc links (#18957)
* Replace https://secure.php.net with https://www.php.net

* Replace http://www.php.net with https://www.php.net
2021-10-19 14:50:26 +02:00
175f66e6e0 Fix #18908: Add stdClass as possible return type to getBodyParams (#18918) 2021-10-01 23:23:30 +03:00
df6e5869bd docs: update RFC 7239 link (#18839)
fix #18838
2021-08-16 17:26:31 +02:00
e83a86fd30 Fix #18648: Fix yii\web\Request to properly handle HTTP Basic Auth headers 2021-07-01 13:06:38 +03:00
88a7a00458 release version 2.0.42 2021-05-06 00:08:29 +03:00
209cf9b2de Improve docs 2021-04-30 09:55:46 +02:00
f935065bca Fix #18518: Add support for ngrok’s X-Original-Host header 2021-02-16 20:04:58 +03:00
ccb14ff667 release version 2.0.39 2020-11-10 13:58:35 +03:00
65e5640810 Fix #17932: Fix regression in detection of AJAX requests (#17937) 2020-03-26 12:30:56 +03:00
7f88acb313 Fix #17878: Detect CORS AJAX requests without X-Requested-With in Request::getIsAjax() 2020-03-24 19:01:52 +03:00
7ec7fd11ee Fix #17878: Added note about fetch() to Request::getIsAjax() phpdoc [skip ci] 2020-02-20 01:10:59 +03:00
038ce9f77e Fix #17755: Fix a bug for web request with trustedHosts set to format ['10.0.0.1' => ['X-Forwarded-For']] 2020-01-15 15:51:57 +03:00
5e71b11d8d #17733: Additional fixes for #17665, Forwarded header parsing in Request
- Remove header from secure headers
- Regexp and return null fix
- Fix tests, fix in array case sensitivity, rx duplicated group name
- Simplify code
- Add phpdoc

Co-Authored-By: Alexander Makarov <sam@rmcreative.ru>
2019-12-17 21:53:55 +03:00
83055dcc33 Fix #17665: Implement RFC 7239 Forwarded header parsing in Request 2019-12-12 23:29:54 +03:00
9054cdfdcc Fixes #17521: Request::getUserHost() and request::getUserIp() (#17593) 2019-10-05 22:33:29 +03:00
c87855b31c Fix #17573: Request::getUserIP() security fix for the case when Request::$trustedHost and Request::$ipHeaders are used 2019-10-03 14:56:20 +03:00
55418776d4 Fixes #17215: Improved security for servers running PHP 7.0.0+ 2019-03-20 14:38:12 +03:00
bdb7c64910 Update to https protocol for php.net links (#17168) [skip ci]
* Updated php.net link for some MemCache properties [skip ci]

* Changed protocol to https for links to php.net in comments

* Changed protocol to https for links to php.net in code

* Changed www.php.net (http) to secure.php.net (https) in comments

* Changed www.php.net (http) to secure.php.net (https) in code

* Changed protocol to https for links to php.net in UPGRADE.md

* Changed protocol to https for links to pecl.php.net in comments

* Changed us.php.net to secure.php.net (https) in comments

* Changed protocol to https for links to php.net in docs

* Changed www.php.net (http) to secure.php.net (https) in docs

* Changed protocol to https for links to pecl.php.net in docs

* Changed ru/jp.php.net to secure.php.net (https) in docs

Not sure about the Russian guide: are these links meant to be for the guide in Russian, or not?
2019-02-28 13:09:27 +03:00
e4eaccc14d Merge branch 'security' 2019-01-28 22:50:38 +02:00
a140b2b468 Fixes #16991: Removed usage of utf8_encode() from Request::resolvePathInfo() 2019-01-03 17:36:16 -05:00
1e13bfd13d Fixed CSRF token check bypassing in Request::getMethod() 2018-11-23 12:55:16 +02:00
15dfbb0875 Fixes #16322: Fixed strings were not compared using timing attack resistant approach during CSRF token validation 2018-05-30 22:48:07 +03:00
6dd2aec011 [minor]: SCA (#16269)
* Php Inspections (EA Ultimate): minor code tweaks

* Php Inspections (EA Ultimate): code style

* Php Inspections (EA Ultimate): code style

* Php Inspections (EA Ultimate): code style
2018-05-14 12:00:01 +03:00
35ac718110 Fixes #16006: Handle case when X-Forwarded-Host header has multiple hosts separated with a comma 2018-03-31 16:17:16 +03:00
1a74b3d4f8 [minor] SCA with Php Inspections (EA Ultimate) (#15871)
* Php Inspections (EA Ultimate): use type casting where applicable

* Php Inspections (EA Ultimate): use constants where applicable

* Php Inspections (EA Ultimate): CS

* Php Inspections (EA Ultimate): address some of one-time used variables

* Php Inspections (EA Ultimate): address some of performance-related findings

* Php Inspections (EA Ultimate): address some of performance-related findings

* Php Inspections (EA Ultimate): revert a constant usage

* Php Inspections (EA Ultimate): revert sequential assignments

* Php Inspections (EA Ultimate): build is green again

* Php Inspections (EA Ultimate): revert array_merge tweaks

* Php Inspections (EA Ultimate): revert BC-incompatible one-time used variable tweak

* Update description [skip ci]

* Php Inspections (EA Ultimate): CS
2018-03-12 01:37:19 +03:00
f10cb6aeee SCA with Php Inspections (EA Ultimate) 2018-02-27 19:13:22 +01:00
e493843b1c improve @deprecated annotations 2018-02-16 11:19:00 +01:00
7bafb7bf09 Fixes #14488: Added support for X-Forwarded-Host to yii\web\Request, fixed getServerPort() usage 2018-02-07 00:01:50 +03:00
acce1db53b Fixes #14135: Fixed yii\web\Request::getBodyParam() crashes on object type body params 2018-01-18 00:33:41 +03:00
0b413b0e08 Fixed PHP 5.4 compatibility 2017-12-14 14:12:50 +03:00
Sam
4d388f6cd2 Fixes #15317: Regenerate CSRF token if an empty value is given 2017-12-14 12:14:51 +03:00
2d672b6722 release version 2.0.13 2017-11-03 01:09:29 +03:00
d11bed5340 Minor, added strict comparison 2017-10-08 23:35:36 +03:00
ea2c475ea7 Moved HTTP_AUTHORIZATION header check to \yii\web\Request, added docs
Closes #13564
2017-10-08 23:22:11 +03:00
3ee7629f13 Fixes #13486: Use DI container to instantiate cookies in order to be able to set defaults 2017-10-05 14:41:46 +02:00
1ce796ef0f Removed ability to define a hostname as trusted because of possible security issues
Closes #14691
2017-09-12 23:28:29 +03:00
1278b018fa Add IIS specific header to secure headers (#14715)
See https://github.com/yiisoft/yii2/issues/14400#issuecomment-324233065
for more details.
2017-08-25 13:31:27 +03:00