diff --git a/framework/yii/gii/generators/crud/templates/views/_search.php b/framework/yii/gii/generators/crud/templates/views/_search.php index a649589..13e2b82 100644 --- a/framework/yii/gii/generators/crud/templates/views/_search.php +++ b/framework/yii/gii/generators/crud/templates/views/_search.php @@ -23,7 +23,10 @@ use yii\widgets\ActiveForm;
- $form = ActiveForm::begin(array('method' => 'get')); ?> + $form = ActiveForm::begin(array( + 'action' => array('index'), + 'method' => 'get', + )); ?> 'form-control'); + public $filterInputOptions = array('class' => 'form-control', 'id' => null); protected function renderHeaderCellContent() diff --git a/framework/yii/helpers/BaseHtml.php b/framework/yii/helpers/BaseHtml.php index 2baa679..ff12cd5 100644 --- a/framework/yii/helpers/BaseHtml.php +++ b/framework/yii/helpers/BaseHtml.php @@ -237,7 +237,7 @@ class BaseHtml $hiddenInputs[] = static::hiddenInput($request->restVar, $method); $method = 'post'; } - if ($request->enableCsrfValidation) { + if ($request->enableCsrfValidation && !strcasecmp($method, 'post')) { $hiddenInputs[] = static::hiddenInput($request->csrfVar, $request->getCsrfToken()); } } diff --git a/framework/yii/web/Request.php b/framework/yii/web/Request.php index e5d9477..312adc1 100644 --- a/framework/yii/web/Request.php +++ b/framework/yii/web/Request.php @@ -77,6 +77,7 @@ class Request extends \yii\base\Request */ const CSRF_HEADER = 'X-CSRF-Token'; + /** * @var boolean whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true. * When CSRF validation is enabled, forms submitted to an Yii Web application must be originated