204 Commits

Author SHA1 Message Date
c82da8dc82 Add visibility for all class elements (#20557) 2025-10-02 01:27:23 +03:00
53256fdd24 Fix #20513: Fix code examples in PHPDoc 2025-09-06 00:22:56 +03:00
f914cda51e Remove invalid @property annotations and fix property descriptions (#20510) 2025-09-05 00:33:39 +03:00
40b1ec3799 release version 2.0.52 2025-02-13 23:02:28 +03:00
36b34b0dc1 fix 'unafe' typo 2024-11-28 12:01:15 +07:00
e6e8311d57 fix phpdoc 2024-11-25 13:58:16 +07:00
9a3797b11f update phpdoc 2024-11-24 17:42:00 +07:00
717b285115 add CSRF validation by custom HTTP header 2024-11-23 18:58:06 +07:00
52e4a3e645 release version 2.0.50 2024-05-30 20:23:31 +03:00
e2a167028b Upgrade to PSR12 coding standard (#20121) 2024-03-19 17:21:27 +03:00
aa1e4432f1 Fix #19794: Add caching in yii\web\Request for getUserIP() and getSecureForwardedHeaderTrustedParts() 2023-03-30 11:51:09 +03:00
473ead8e46 Optimize: simplified regexp (#19541) 2022-09-06 09:42:58 +03:00
22614a5b1f release version 2.0.46 2022-08-19 01:18:45 +03:00
161526cd41 HTTPS everywhere (#19503) 2022-08-03 12:32:18 +03:00
827db6c90e Revert "Fix #19290: Fix Request::getHostInfo() doesn’t return the port if a Host header is used"
This reverts commit 8046d3a50f207e1033e1b23ff571da5bced0c822.
2022-07-01 10:28:31 +03:00
45519d3c18 Fix #19437: Add support to specify request port by trusted proxies in \yii\web\Request::getServerPort() 2022-06-17 20:18:18 +03:00
e39e744b45 Fix #19384: Normalize setBodyParams() and getBodyParam() in yii\web\Request 2022-05-23 10:39:33 +04:00
8046d3a50f Fix #19290: Fix Request::getHostInfo() doesn’t return the port if a Host header is used 2022-04-16 00:37:55 +04:00
4628b91e73 Fix types (#19332)
* Migration::upsert() returns void

* Unneeded `@property` tags

* Add missing `null` param/return types

* Null types for db\Query + db\ActiveQuery

* Fixed testSelect
2022-03-30 18:40:10 +02:00
0792736b35 release version 2.0.45 2022-02-11 16:12:40 +03:00
1271bc419f Fix #19041: Fix PHP 8.1 issues 2022-01-14 13:52:01 +03:00
655786b7ed release version 2.0.44 2021-12-30 10:50:56 +03:00
552593ca3b Prepare for new apidoc (part 2) (#19010)
* Fix broken links for events with different namespace
* Fix broken links in see tag
* Fix broken links in see tag (loadData())
* Fix broken link for var_export()
* Fix broken link for CVE
* Remove redundant markdown link wrap in see tags
* Remove see tags that refer to private properties
* Remove more see tags that refer to private properties
* Remove see tags that refer to private methods
* Remove one more redundant markdown link wrap in see tag [skip ci]
* Fix typo in see tag (causes broken link)
* Remove more see tags that refer to private methods
2021-11-18 10:10:09 +03:00
fa6f0ef658 Fix variable references in phpdoc (#19006) 2021-11-10 13:26:55 +03:00
0041f034fd [doc] Update PHP doc links (#18957)
* Replace https://secure.php.net with https://www.php.net

* Replace http://www.php.net with https://www.php.net
2021-10-19 14:50:26 +02:00
175f66e6e0 Fix #18908: Add stdClass as possible return type to getBodyParams (#18918) 2021-10-01 23:23:30 +03:00
df6e5869bd docs: update RFC 7239 link (#18839)
fix #18838
2021-08-16 17:26:31 +02:00
e83a86fd30 Fix #18648: Fix yii\web\Request to properly handle HTTP Basic Auth headers 2021-07-01 13:06:38 +03:00
88a7a00458 release version 2.0.42 2021-05-06 00:08:29 +03:00
209cf9b2de Improve docs 2021-04-30 09:55:46 +02:00
f935065bca Fix #18518: Add support for ngrok’s X-Original-Host header 2021-02-16 20:04:58 +03:00
ccb14ff667 release version 2.0.39 2020-11-10 13:58:35 +03:00
65e5640810 Fix #17932: Fix regression in detection of AJAX requests (#17937) 2020-03-26 12:30:56 +03:00
7f88acb313 Fix #17878: Detect CORS AJAX requests without X-Requested-With in Request::getIsAjax() 2020-03-24 19:01:52 +03:00
7ec7fd11ee Fix #17878: Added note about fetch() to Request::getIsAjax() phpdoc [skip ci] 2020-02-20 01:10:59 +03:00
038ce9f77e Fix #17755: Fix a bug for web request with trustedHosts set to format ['10.0.0.1' => ['X-Forwarded-For']] 2020-01-15 15:51:57 +03:00
5e71b11d8d #17733: Additional fixes for #17665, Forwarded header parsing in Request
- Remove header from secure headers
- Regexp and return null fix
- Fix tests, fix in array case sensitivity, rx duplicated group name
- Simplify code
- Add phpdoc

Co-Authored-By: Alexander Makarov <sam@rmcreative.ru>
2019-12-17 21:53:55 +03:00
83055dcc33 Fix #17665: Implement RFC 7239 Forwarded header parsing in Request 2019-12-12 23:29:54 +03:00
9054cdfdcc Fixes #17521: Request::getUserHost() and request::getUserIp() (#17593) 2019-10-05 22:33:29 +03:00
c87855b31c Fix #17573: Request::getUserIP() security fix for the case when Request::$trustedHost and Request::$ipHeaders are used 2019-10-03 14:56:20 +03:00
55418776d4 Fixes #17215: Improved security for servers running PHP 7.0.0+ 2019-03-20 14:38:12 +03:00
bdb7c64910 Update to https protocol for php.net links (#17168) [skip ci]
* Updated php.net link for some MemCache properties [skip ci]

* Changed protocol to https for links to php.net in comments

* Changed protocol to https for links to php.net in code

* Changed www.php.net (http) to secure.php.net (https) in comments

* Changed www.php.net (http) to secure.php.net (https) in code

* Changed protocol to https for links to php.net in UPGRADE.md

* Changed protocol to https for links to pecl.php.net in comments

* Changed us.php.net to secure.php.net (https) in comments

* Changed protocol to https for links to php.net in docs

* Changed www.php.net (http) to secure.php.net (https) in docs

* Changed protocol to https for links to pecl.php.net in docs

* Changed ru/jp.php.net to secure.php.net (https) in docs

Not sure about the Russian guide: are these links meant to be for the guide in Russian, or not?
2019-02-28 13:09:27 +03:00
e4eaccc14d Merge branch 'security' 2019-01-28 22:50:38 +02:00
a140b2b468 Fixes #16991: Removed usage of utf8_encode() from Request::resolvePathInfo() 2019-01-03 17:36:16 -05:00
1e13bfd13d Fixed CSRF token check bypassing in Request::getMethod() 2018-11-23 12:55:16 +02:00
15dfbb0875 Fixes #16322: Fixed strings were not compared using timing attack resistant approach during CSRF token validation 2018-05-30 22:48:07 +03:00
6dd2aec011 [minor]: SCA (#16269)
* Php Inspections (EA Ultimate): minor code tweaks

* Php Inspections (EA Ultimate): code style

* Php Inspections (EA Ultimate): code style

* Php Inspections (EA Ultimate): code style
2018-05-14 12:00:01 +03:00
35ac718110 Fixes #16006: Handle case when X-Forwarded-Host header has multiple hosts separated with a comma 2018-03-31 16:17:16 +03:00
1a74b3d4f8 [minor] SCA with Php Inspections (EA Ultimate) (#15871)
* Php Inspections (EA Ultimate): use type casting where applicable

* Php Inspections (EA Ultimate): use constants where applicable

* Php Inspections (EA Ultimate): CS

* Php Inspections (EA Ultimate): address some of one-time used variables

* Php Inspections (EA Ultimate): address some of performance-related findings

* Php Inspections (EA Ultimate): address some of performance-related findings

* Php Inspections (EA Ultimate): revert a constant usage

* Php Inspections (EA Ultimate): revert sequential assignments

* Php Inspections (EA Ultimate): build is green again

* Php Inspections (EA Ultimate): revert array_merge tweaks

* Php Inspections (EA Ultimate): revert BC-incompatible one-time used variable tweak

* Update description [skip ci]

* Php Inspections (EA Ultimate): CS
2018-03-12 01:37:19 +03:00
f10cb6aeee SCA with Php Inspections (EA Ultimate) 2018-02-27 19:13:22 +01:00