cleanup

framework/console/Application.php

@@ -91,9 +91,10 @@ class Application extends \yii\base\Application
 		/** @var $request Request */
 		$request = $this->getRequest();
 		if ($request->getIsConsoleRequest()) {
-			return $this->runAction($request->route, $request->params);
+			list ($route, $params) = $request->resolve();
+			return $this->runAction($route, $params);
 		} else {
-			throw new Exception(\Yii::t('yii|this script must be run from the command line.'));
+			throw new Exception(\Yii::t('yii|This script must be run from the command line.'));
 		}
 	}
 

framework/console/Request.php

@@ -17,49 +17,33 @@ class Request extends \yii\base\Request
 {
 	const ANONYMOUS_PARAMS = '-args';
 
-	/**
-	 * @var string the controller route specified by this request. If this is an empty string,
-	 * it means the [[Application::defaultRoute|default route]] will be used.
-	 * Note that the value of this property may not be a correct route. The console application
-	 * will determine it is valid or not when it attempts to execute with this route.
-	 */
-	public $route;
-	/**
-	 * @var array
-	 */
-	public $params;
-
-	public function init()
-	{
-		parent::init();
-		$this->resolveRequest();
-	}
-
 	public function getRawParams()
 	{
 		return isset($_SERVER['argv']) ? $_SERVER['argv'] : array();
 	}
 
-	protected function resolveRequest()
+	public function resolve()
 	{
 		$rawParams = $this->getRawParams();
 		array_shift($rawParams);  // the 1st argument is the yiic script name
 
 		if (isset($rawParams[0])) {
-			$this->route = $rawParams[0];
+			$route = $rawParams[0];
 			array_shift($rawParams);
 		} else {
-			$this->route = '';
+			$route = '';
 		}
 
-		$this->params = array(self::ANONYMOUS_PARAMS => array());
+		$params = array(self::ANONYMOUS_PARAMS => array());
 		foreach ($rawParams as $param) {
 			if (preg_match('/^--(\w+)(=(.*))?$/', $param, $matches)) {
 				$name = $matches[1];
-				$this->params[$name] = isset($matches[3]) ? $matches[3] : true;
+				$params[$name] = isset($matches[3]) ? $matches[3] : true;
 			} else {
-				$this->params[self::ANONYMOUS_PARAMS][] = $param;
+				$params[self::ANONYMOUS_PARAMS][] = $param;
 			}
 		}
+
+		return array($route, $params);
 	}
 }

framework/web/Application.php

@@ -67,6 +67,9 @@ class Application extends \yii\base\Application
 			'response' => array(
 				'class' => 'yii\web\Response',
 			),
+			'session' => array(
+				'class' => 'yii\web\Session',
+			),
 			'urlManager' => array(
 				'class' => 'yii\web\UrlManager',
 			),

framework/web/Request.php

@@ -27,27 +27,6 @@ class Request extends \yii\base\Request
 	 */
 	public $cookieValidationKey;
 	/**
-	 * @var boolean whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to false.
-	 * By setting this property to true, forms submitted to an Yii Web application must be originated
-	 * from the same application. If not, a 400 HTTP exception will be raised.
-	 * Note, this feature requires that the user client accepts cookie.
-	 * You also need to use {@link CHtml::form} or {@link CHtml::statefulForm} to generate
-	 * the needed HTML forms in your pages.
-	 * @see http://seclab.stanford.edu/websec/csrf/csrf.pdf
-	 */
-	public $enableCsrfValidation = false;
-	/**
-	 * @var string the name of the token used to prevent CSRF. Defaults to 'YII_CSRF_TOKEN'.
-	 * This property is used only when [[enableCsrfValidation]] is true.
-	 */
-	public $csrfTokenName = 'YII_CSRF_TOKEN';
-	/**
-	 * @var array the property values (in name-value pairs) used to initialize the CSRF cookie.
-	 * Any property of {@link CHttpCookie} may be initialized.
-	 * This property is effective only when {@link enableCsrfValidation} is true.
-	 */
-	public $csrfCookie;
-	/**
 	 * @var string|boolean the name of the POST parameter that is used to indicate if a request is a PUT or DELETE
 	 * request tunneled through POST. If false, it means disabling REST request tunneled through POST.
 	 * Default to '_method'.
@@ -59,55 +38,6 @@ class Request extends \yii\base\Request
 	private $_cookies;
 
 	/**
-	 * Initializes the application component.
-	 * This method overrides the parent implementation by preprocessing
-	 * the user request data.
-	 */
-	public function init()
-	{
-		parent::init();
-		$this->normalizeRequest();
-	}
-
-	/**
-	 * Normalizes the request data.
-	 * This method strips off slashes in request data if get_magic_quotes_gpc() returns true.
-	 * It also performs CSRF validation if {@link enableCsrfValidation} is true.
-	 */
-	protected function normalizeRequest()
-	{
-		if (get_magic_quotes_gpc()) {
-			if (isset($_GET)) {
-				$_GET = $this->stripSlashes($_GET);
-			}
-			if (isset($_POST)) {
-				$_POST = $this->stripSlashes($_POST);
-			}
-			if (isset($_REQUEST)) {
-				$_REQUEST = $this->stripSlashes($_REQUEST);
-			}
-			if (isset($_COOKIE)) {
-				$_COOKIE = $this->stripSlashes($_COOKIE);
-			}
-		}
-
-		if ($this->enableCsrfValidation) {
-			\Yii::$app->on('beginRequest', array($this, 'validateCsrfToken'));
-		}
-	}
-
-	/**
-	 * Strips slashes from input data.
-	 * This method is applied when magic quotes is enabled.
-	 * @param mixed $data input data to be processed
-	 * @return mixed processed data
-	 */
-	public function stripSlashes($data)
-	{
-		return is_array($data) ? array_map(array($this, 'stripSlashes'), $data) : stripslashes($data);
-	}
-
-	/**
 	 * Returns the method of the current request (e.g. GET, POST, HEAD, PUT, DELETE).
 	 * @return string request method, such as GET, POST, HEAD, PUT, DELETE.
 	 * The value returned is turned into upper case.