php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-08-15 06:40:59 +08:00
Code Issues Packages Projects Releases Wiki Activity
20,186 Commits 9 Branches 79 Tags
Commit Graph

38 Commits

Author SHA1 Message Date
Bizley
161526cd41 HTTPS everywhere (#19503) 2022-08-03 12:32:18 +03:00
Alexander Makarov
827db6c90e Revert "Fix #19290: Fix Request::getHostInfo() doesn’t return the port if a Host header is used" 
This reverts commit 8046d3a50f207e1033e1b23ff571da5bced0c822.
 2022-07-01 10:28:31 +03:00
rhertogh
45519d3c18 Fix #19437: Add support to specify request port by trusted proxies in \yii\web\Request::getServerPort() 2022-06-17 20:18:18 +03:00
Alexey
8046d3a50f Fix #19290: Fix Request::getHostInfo() doesn’t return the port if a Host header is used 2022-04-16 00:37:55 +04:00
Anton
7ebaaf0216 Fix #18789: Added JSONP support in yii\web\JsonParser::parse() 2021-08-07 15:31:35 +03:00
olegbaturin
e83a86fd30 Fix #18648: Fix yii\web\Request to properly handle HTTP Basic Auth headers 2021-07-01 13:06:38 +03:00
Alexander Makarov
65e5640810 Fix #17932: Fix regression in detection of AJAX requests (#17937) 2020-03-26 12:30:56 +03:00
Igor Tarasov
7f88acb313 Fix #17878: Detect CORS AJAX requests without X-Requested-With in Request::getIsAjax() 2020-03-24 19:01:52 +03:00
Ather Shu
038ce9f77e Fix #17755: Fix a bug for web request with trustedHosts set to format ['10.0.0.1' => ['X-Forwarded-For']] 2020-01-15 15:51:57 +03:00
Somogyi Márton
5e71b11d8d #17733: Additional fixes for #17665, Forwarded header parsing in Request 
- Remove header from secure headers
- Regexp and return null fix
- Fix tests, fix in array case sensitivity, rx duplicated group name
- Simplify code
- Add phpdoc

Co-Authored-By: Alexander Makarov <sam@rmcreative.ru>
 2019-12-17 21:53:55 +03:00
Mikk Tendermann
83055dcc33 Fix #17665: Implement RFC 7239 Forwarded header parsing in Request 2019-12-12 23:29:54 +03:00
Somogyi Márton
6a2777fc6d Add Request tests for already resolved IP case #17521 (#17594) 2019-10-05 23:54:17 +03:00
Somogyi Márton
9054cdfdcc Fixes #17521: Request::getUserHost() and request::getUserIp() (#17593) 2019-10-05 22:33:29 +03:00
Somogyi Márton
c87855b31c Fix #17573: Request::getUserIP() security fix for the case when Request::$trustedHost and Request::$ipHeaders are used 2019-10-03 14:56:20 +03:00
SilverFire - Dmitry Naumenko
1e13bfd13d Fixed CSRF token check bypassing in Request::getMethod() 2018-11-23 12:55:16 +02:00
pgaultier
35ac718110 Fixes #16006: Handle case when X-Forwarded-Host header have multiple hosts separated with a comma 2018-03-31 16:17:16 +03:00
Alexander Makarov
7bafb7bf09 Fixes #14488: Added support for X-Forwarded-Host to yii\web\Request, fixed getServerPort() usage 2018-02-07 00:01:50 +03:00
Paul Klimov
acce1db53b Fixes #14135: Fixed yii\web\Request::getBodyParam() crashes on object type body params 2018-01-18 00:33:41 +03:00
Sam
4d388f6cd2 Fixes #15317: Regenerate CSRF token if an empty value is given 2017-12-14 12:14:51 +03:00
Gabriel Caruso
2992b9b09d Refactored tests with PHPUnit assert methods (#15260) 2017-11-30 22:10:31 +03:00
SilverFire - Dmitry Naumenko
ea2c475ea7 Moved HTTP_AUTHORIZATION header check to \yii\web\Request, added docs 
Closes #13564
 2017-10-08 23:22:11 +03:00
SilverFire - Dmitry Naumenko
1ce796ef0f Removed ability to define a hostname as trusted because of possible security issues 
Closes #14691
 2017-09-12 23:28:29 +03:00
Robert Korulczyk
5a8c3d537b Enable phpdoc_summary rule in php-cs-fixer config (#14675) 
* Enable `phpdoc_summary` rule in php-cs-fixer config.

* Fix case in "PHPDoc".
 2017-08-21 11:19:35 +02:00
Robert Korulczyk
0c0942d6e2 Enable phpdoc_add_missing_param_annotation rule in php-cs-fixer config. (#14681) [skip ci] 2017-08-21 01:57:23 +03:00
Robert Korulczyk
b99e955627 Fix CS (#14665) 
* Run php-cs-fixer.

* Enable phpdoc_types rule.
 2017-08-18 12:10:42 +02:00
Sam
0017d9c660 Fixes #13780: Added support for trusted proxies in yii\web\Request 2017-08-17 13:14:51 +03:00
Alexander Makarov
648971a82b Fixes #14542: Ensured only ASCII characters are in CSRF cookie value since binary data causes issues with ModSecurity and some browsers 2017-08-07 13:55:10 +03:00
yyxx9988
46bf3c410a Add yii\web\Request::getOrigin() method that returns HTTP_ORIGIN of current CORS request 
>The Origin request header indicates where a fetch originates from. It doesn't include any path information, but only the server name. It is sent with CORS requests, as well as with POST requests. It is similar to the Referer header, but, unlike this header, it doesn't disclose the whole path.

From https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin

Working code samples

```php
<?php

// We'll be granting access to only the arunranga.com domain
// which we think is safe to access this resource as application/xml

if($_SERVER['HTTP_ORIGIN'] == "http://arunranga.com") {
    header('Access-Control-Allow-Origin: http://arunranga.com');
    header('Content-type: application/xml');
    readfile('arunerDotNetResource.xml');
} else {
  header('Content-Type: text/html');
  echo "<html>";
  echo "<head>";
  echo "   <title>Another Resource</title>";
  echo "</head>";
  echo "<body>",
       "<p>This resource behaves two-fold:";
  echo "<ul>",
         "<li>If accessed from <code>http://arunranga.com</code> it returns an XML document</li>";
  echo   "<li>If accessed from any other origin including from simply typing in the URL into the browser's address bar,";
  echo   "you get this HTML document</li>",
       "</ul>",
     "</body>",
   "</html>";
}
?>
```
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Server-Side_Access_Control for more info.

close #13835
 2017-07-12 11:10:21 +02:00
Robert Korulczyk
ba0ab403b5 Added php-cs-fixer coding standards validation to Travis CI (#14100) 
* php-cs-fixer: PSR2 rule.

* php-cs-fixer: PSR2 rule - fix views.

* Travis setup refactoring.

* Add php-cs-fixer to travis cs tests.

* Fix tests on hhvm-3.12

* improve travis config

* composer update

* revert composer update

* improve travis config

* Fix CS.

* Extract config to separate classes.

* Extract config to separate classes.

* Add file header.

* Force short array syntax.

* binary_operator_spaces fixer

* Fix broken tests

* cast_spaces fixer

* concat_space fixer

* dir_constant fixer

* ereg_to_preg fixer

* function_typehint_space fixer

* hash_to_slash_comment fixer

* is_null fixer

* linebreak_after_opening_tag fixer

* lowercase_cast fixer

* magic_constant_casing fixer

* modernize_types_casting fixer

* native_function_casing fixer

* new_with_braces fixer

* no_alias_functions fixer

* no_blank_lines_after_class_opening fixer

* no_blank_lines_after_phpdoc fixer

* no_empty_comment fixer

* no_empty_phpdoc fixer

* no_empty_statement fixer

* no_extra_consecutive_blank_lines fixer

* no_leading_import_slash fixer

* no_leading_namespace_whitespace fixer

* no_mixed_echo_print fixer

* no_multiline_whitespace_around_double_arrow fixer

* no_multiline_whitespace_before_semicolons fixer

* no_php4_constructor fixer

* no_short_bool_cast fixer

* no_singleline_whitespace_before_semicolons fixer

* no_spaces_around_offset fixer

* no_trailing_comma_in_list_call fixer

* no_trailing_comma_in_singleline_array fixer

* no_unneeded_control_parentheses fixer

* no_unused_imports fixer

* no_useless_return fixer

* no_whitespace_before_comma_in_array fixer

* no_whitespace_in_blank_line fixer

* not_operator_with_successor_space fixer

* object_operator_without_whitespace fixer

* ordered_imports fixer

* php_unit_construct fixer

* php_unit_dedicate_assert fixer

* php_unit_fqcn_annotation fixer

* phpdoc_indent fixer

* phpdoc_no_access fixer

* phpdoc_no_empty_return fixer

* phpdoc_no_package fixer

* phpdoc_no_useless_inheritdoc fixer

* Fix broken tests

* phpdoc_return_self_reference fixer

* phpdoc_single_line_var_spacing fixer

* phpdoc_single_line_var_spacing fixer

* phpdoc_to_comment fixer

* phpdoc_trim fixer

* phpdoc_var_without_name fixer

* psr4 fixer

* self_accessor fixer

* short_scalar_cast fixer

* single_blank_line_before_namespace fixer

* single_quote fixer

* standardize_not_equals fixer

* ternary_operator_spaces fixer

* trailing_comma_in_multiline_array fixer

* trim_array_spaces fixer

* protected_to_private fixer

* unary_operator_spaces fixer

* whitespace_after_comma_in_array fixer

* `parent::setRules()` -> `$this->setRules()`

* blank_line_after_opening_tag fixer

* Update finder config.

* Revert changes for YiiRequirementChecker.

* Fix array formatting.

* Add missing import.

* Fix CS for new code merged from master.

* Fix some indentation issues.
 2017-06-12 12:25:45 +03:00
Sam Mousa
8ae207c3a1 Fixes #13837: Refactored masking of CSRF tokens 2017-04-02 02:10:16 +03:00
Alexander Makarov
3f8e8a89eb Used more specific unit test assertions in framework tests 2017-03-14 09:45:31 +03:00
gagatust
6397791513 Fixed whitespaces to match code style [skip ci] 2017-03-14 09:42:13 +03:00
Robert Korulczyk
63f95fa3ad Fixes #11309: Added yii\web\Request::getHostName() method that returns hostname of current request 2016-10-07 01:00:14 +03:00
Carsten Brandt
17d08cc0a4 fixed crash on non-string input to CSRF token 
fixes #11822

also adding proper unit tests for validate CSRF token.
 2016-06-25 18:22:27 +02:00
quantum
7b46bd1f7c Fixes #10451: Check of existence of $_SERVER in \yii\web\Request before using it 2016-02-15 23:22:45 +03:00
zetamen
df6f270a0e Fixes #9161: Fixed yii\web\Request ignore queryParams when resolve request 2015-07-21 10:40:31 +03:00
Alexander Makarov
372ff87ee4 Test for #8228 2015-06-17 23:14:33 +02:00
Alexander Makarov
6949992246 Simplified tests directory structure a bit 2015-04-16 12:10:01 +03:00