Alexander Makarov
648971a82b
Fixes #14542: Ensured only ASCII characters are in CSRF cookie value since binary data causes issues with ModSecurity and some browsers
2017-08-07 13:55:10 +03:00
PowerGamer1
8a6f5829d4
Fix for invalid example in Request phpdoc [skip ci]
2017-07-23 23:28:54 +03:00
Alexander Makarov
d38908fc13
Fixed #14469: updated RFC links
2017-07-17 16:21:49 +03:00
yyxx9988
46bf3c410a
Add yii\web\Request::getOrigin() method that returns HTTP_ORIGIN of current CORS request
...
>The Origin request header indicates where a fetch originates from. It doesn't include any path information, but only the server name. It is sent with CORS requests, as well as with POST requests. It is similar to the Referer header, but, unlike this header, it doesn't disclose the whole path.
From https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin
Working code samples
```php
<?php
// We'll be granting access to only the arunranga.com domain
// which we think is safe to access this resource as application/xml
if ($_SERVER['HTTP_ORIGIN'] == "http://arunranga.com") {
    header('Access-Control-Allow-Origin: http://arunranga.com');
    header('Content-type: application/xml');
    readfile('arunerDotNetResource.xml');
} else {
    header('Content-Type: text/html');
    echo "<html>";
    echo "<head>";
    echo " <title>Another Resource</title>";
    echo "</head>";
    echo "<body>",
        "<p>This resource behaves two-fold:";
    echo "<ul>",
        "<li>If accessed from <code>http://arunranga.com</code> it returns an XML document</li>";
    echo "<li>If accessed from any other origin including from simply typing in the URL into the browser's address bar,";
    echo "you get this HTML document</li>",
        "</ul>",
        "</body>",
        "</html>";
}
?>
```
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Server-Side_Access_Control for more info.
close #13835
2017-07-12 11:10:21 +02:00
Robert Korulczyk
ba0ab403b5
Added php-cs-fixer coding standards validation to Travis CI (#14100)
...
* php-cs-fixer: PSR2 rule.
* php-cs-fixer: PSR2 rule - fix views.
* Travis setup refactoring.
* Add php-cs-fixer to travis cs tests.
* Fix tests on hhvm-3.12
* improve travis config
* composer update
* revert composer update
* improve travis config
* Fix CS.
* Extract config to separate classes.
* Extract config to separate classes.
* Add file header.
* Force short array syntax.
* binary_operator_spaces fixer
* Fix broken tests
* cast_spaces fixer
* concat_space fixer
* dir_constant fixer
* ereg_to_preg fixer
* function_typehint_space fixer
* hash_to_slash_comment fixer
* is_null fixer
* linebreak_after_opening_tag fixer
* lowercase_cast fixer
* magic_constant_casing fixer
* modernize_types_casting fixer
* native_function_casing fixer
* new_with_braces fixer
* no_alias_functions fixer
* no_blank_lines_after_class_opening fixer
* no_blank_lines_after_phpdoc fixer
* no_empty_comment fixer
* no_empty_phpdoc fixer
* no_empty_statement fixer
* no_extra_consecutive_blank_lines fixer
* no_leading_import_slash fixer
* no_leading_namespace_whitespace fixer
* no_mixed_echo_print fixer
* no_multiline_whitespace_around_double_arrow fixer
* no_multiline_whitespace_before_semicolons fixer
* no_php4_constructor fixer
* no_short_bool_cast fixer
* no_singleline_whitespace_before_semicolons fixer
* no_spaces_around_offset fixer
* no_trailing_comma_in_list_call fixer
* no_trailing_comma_in_singleline_array fixer
* no_unneeded_control_parentheses fixer
* no_unused_imports fixer
* no_useless_return fixer
* no_whitespace_before_comma_in_array fixer
* no_whitespace_in_blank_line fixer
* not_operator_with_successor_space fixer
* object_operator_without_whitespace fixer
* ordered_imports fixer
* php_unit_construct fixer
* php_unit_dedicate_assert fixer
* php_unit_fqcn_annotation fixer
* phpdoc_indent fixer
* phpdoc_no_access fixer
* phpdoc_no_empty_return fixer
* phpdoc_no_package fixer
* phpdoc_no_useless_inheritdoc fixer
* Fix broken tests
* phpdoc_return_self_reference fixer
* phpdoc_single_line_var_spacing fixer
* phpdoc_single_line_var_spacing fixer
* phpdoc_to_comment fixer
* phpdoc_trim fixer
* phpdoc_var_without_name fixer
* psr4 fixer
* self_accessor fixer
* short_scalar_cast fixer
* single_blank_line_before_namespace fixer
* single_quote fixer
* standardize_not_equals fixer
* ternary_operator_spaces fixer
* trailing_comma_in_multiline_array fixer
* trim_array_spaces fixer
* protected_to_private fixer
* unary_operator_spaces fixer
* whitespace_after_comma_in_array fixer
* `parent::setRules()` -> `$this->setRules()`
* blank_line_after_opening_tag fixer
* Update finder config.
* Revert changes for YiiRequirementChecker.
* Fix array formatting.
* Add missing import.
* Fix CS for new code merged from master.
* Fix some indentation issues.
2017-06-12 12:25:45 +03:00
Carsten Brandt
be658f82bf
release version 2.0.12
2017-06-05 16:33:41 +02:00
Alexander Makarov
b04ff959ce
Fixed misleading docs about encoded URIs [skip ci]
2017-04-07 15:59:59 +03:00
Alexander Makarov
43edf24123
Eliminated else branches in yii\web\Request
2017-04-02 02:15:39 +03:00
Sam Mousa
8ae207c3a1
Fixes #13837: Refactored masking of CSRF tokens
2017-04-02 02:10:16 +03:00
Carsten Brandt
c19b2f7dc8
release version 2.0.11
2017-02-01 17:46:29 +01:00
Klimov Paul
7da77c3d5a
created HostControl filter to prevent Host header attacks
...
fixes #13050
close #13063
2016-12-01 00:59:26 +01:00
Carsten Brandt
a498dedb5c
Added documentation about Host header attack (#13073)
...
* Added documentation about Host header attack
Added info about Host header attack (#13050) to the guide and the Request class.
When we introduce a filter or property to protect against this, these
sections should be updated to link to that option.
2016-11-26 21:57:52 +01:00
Robert Korulczyk
4aa935e69e
Fixes #12055: Changed boolean to bool and integer to int in phpdoc
2016-11-07 02:51:39 +03:00
Boudewijn Vahrmeijer
32f4dc8997
Fixes #5385: links created from classes to corresponding guide articles (#12920)
2016-11-04 18:55:14 +03:00
Carsten Brandt
11fe407ad0
release version 2.0.10
2016-10-20 14:02:50 +02:00
Robert Korulczyk
63f95fa3ad
Fixes #11309: Added yii\web\Request::getHostName() method that returns hostname of current request
2016-10-07 01:00:14 +03:00
Klimov Paul
ed0603b706
Fixed yii\web\Request::getBodyParams() does not pass full 'content-type' value to yii\web\RequestParserInterface::parse()
2016-09-05 14:49:16 +03:00
Carsten Brandt
17d08cc0a4
fixed crash on non-string input to CSRF token
...
fixes #11822
also adding proper unit tests for validate CSRF token.
2016-06-25 18:22:27 +02:00
Nikola Kovacs
9d327baa8b
coding style fixes
2016-05-26 11:19:32 +02:00
Salem Ouerdani
2eb90f82fe
removes nonexistent yii/web/rawCsrfToken from docs (#11521)
...
* removes nonexistent yii/web/rawCsrfToken from docs
* maj
2016-05-07 18:38:07 +02:00
Carsten Brandt
731769241b
release version 2.0.8
2016-04-28 16:50:20 +02:00
Carsten Brandt
1f0e24c528
allow resetting autodetected properties in yii\web\Request
...
fixes #11336
2016-04-21 12:54:59 +02:00
Evgeniy Tkachenko
4e59f92829
phpDoc updated
2016-03-28 10:24:53 +03:00
quantum
7b46bd1f7c
Fixes #10451: Check of existence of $_SERVER in \yii\web\Request before using it
2016-02-15 23:22:45 +03:00
Carsten Brandt
9b5f6cb188
prepare for 2.0.7 release
...
- adjust version
- build classmap
- build phpdoc @property annotations
- build mime-type file
2016-02-14 15:45:55 +01:00
Evgeniy Tkachenko
8b9514fd5f
Refactoring yii\web\Request::getMethod
2016-01-28 23:15:10 +03:00
SilverFire - Dmitry Naumenko
cd87d67f34
Global DOCS update: ~~~ replaced with ```
2015-12-02 23:15:28 +02:00
Alexander Makarov
5ab4f0f090
Better quotes usage in strings
...
- Use single quote where interpolation isn't necessary
- Use interpolation when it's better than concatenation
2015-10-10 00:23:52 +03:00
jeicd
c2f83da8d8
Fix phpdoc
2015-10-05 15:00:13 +06:00
Boudewijn Vahrmeijer
dd818e17df
Fixes #9754: Fixed \yii\web\Request error when path info is empty
2015-09-23 15:06:23 +03:00
zetamen
df6f270a0e
Fixes #9161: Fixed yii\web\Request ignore queryParams when resolve request
2015-07-21 10:40:31 +03:00
Alexander Makarov
9f91a02a86
Fixes #9005: added note about crossdomain jQuery requests and Request::getIsAjax()
2015-07-06 16:34:02 +03:00
Alexander Mohorev
ae42a054bb
PSR-2 spaces, commas, etc
2015-06-09 00:05:06 +03:00
Alexander Mohorev
e8535eea22
Incorrect property type declared.
2015-06-07 23:55:34 +03:00
Klimov Paul
8609311738
Fixed numeric keys in $_GET transformed to 0-based, if 'pretty URL' enabled
2015-05-06 17:09:31 +03:00
Carsten Brandt
ef662b57be
added missing @since annotations
2015-04-24 12:09:40 +02:00
Qiang Xue
92664b4b11
code optimization [skip ci]
2015-04-06 08:14:01 -04:00
Qiang Xue
739f6358cd
Fixes #7637: Allow yii\web\Request::validateCsrfToken() to validate a manually provided token
2015-04-05 17:34:29 -04:00
Qiang Xue
19ca5a1584
Fixes #7637.
2015-03-30 22:36:45 -04:00
Qiang Xue
ae305bb907
Fixes #7226: yii\web\Request::getEtag() should strip off -gzip which may be added by Apache
2015-02-10 13:36:05 -05:00
Qiang Xue
0a6cd6190b
Fixes #7051: Added support for preventing swapping values between different cookies
2015-01-28 22:29:37 -05:00
Brandon Kelly
7a9f1a0ce7
getQueryParam() and getBodyParam() doc edits
...
- Made yii\web\Request::getQueryParam() and getBodyParam()'s doc blocks more consistent with each other
- getQueryParam() was incorrectly stating that if $name was omitted, all of $_GET would be returned (but $name is required)
2015-01-12 17:12:57 -08:00
Alexander Mohorev
f1edafffaf
PHPDoc comment doesn't contain all necessary @throws tag
...
close #5762
2014-10-25 12:47:08 +02:00
Alexander Makarov
c489f8228d
Removed unnecessary token generation. We already have it.
2014-10-09 14:53:59 +04:00
Qiang Xue
d2b864da84
prepare for 2.0.0-rc release.
2014-09-27 21:59:54 -04:00
Qiang Xue
262a77caca
Added yii\web\Response::enableCsrfCookie to support storing CSRF tokens in session
2014-09-04 12:20:09 -04:00
Carsten Brandt
92b958cd33
fixed return value of yii\web\Request::getPrefferedLanguage
...
ensure it is one of the input values
fixes #4880
2014-09-01 12:46:38 +02:00
Jin Hu
3a7ed9b1a9
Added yii\web\Request::setRawBody()
2014-08-20 23:14:48 +08:00
Carsten Brandt
3a1e0f3a5c
property codestyle framework
2014-07-30 00:21:31 +02:00
Carsten Brandt
1f31f27787
phpdoc
2014-07-29 22:19:14 +02:00