Error202
/
yii2-swiftmailer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

renamed Request::csrfTokenName to csrfVar. 

added version, csrfVar and csrfToken to yii js module.
tags/2.0.0-beta
Qiang Xue 12 years ago
parent
f5778b6bf0
commit
51c29e444d
4 changed files with 35 additions and 12 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      framework/yii/assets/yii.js
  2. 2
      framework/yii/helpers/HtmlBase.php
  3. 22
      framework/yii/web/Request.php
  4. 17
      framework/yii/web/YiiAsset.php

6
framework/yii/assets/yii.js
Unescape View File

@ -43,7 +43,13 @@
*/ */
yii = (function ($) { yii = (function ($) {
var pub = { var pub = {
// version of Yii framework
version: '2.0', version: '2.0',
// CSRF token name and value. If this is set and a form is created and submitted using JavaScript
// via POST, the CSRF token should be submitted too to pass CSRF validation.
csrfVar: undefined,
csrfToken: undefined,
initModule: function (module) { initModule: function (module) {
if (module.isActive === undefined || module.isActive) { if (module.isActive === undefined || module.isActive) {
if ($.isFunction(module.init)) { if ($.isFunction(module.init)) {

2
framework/yii/helpers/HtmlBase.php
Unescape View File

@ -238,7 +238,7 @@ class HtmlBase
$method = 'post'; $method = 'post';
} }
if ($request->enableCsrfValidation) { if ($request->enableCsrfValidation) {
$hiddenInputs[] = static::hiddenInput($request->csrfTokenName, $request->getCsrfToken()); $hiddenInputs[] = static::hiddenInput($request->csrfVar, $request->getCsrfToken());
} }
} }

22
framework/yii/web/Request.php
Unescape View File

@ -73,16 +73,16 @@ class Request extends \yii\base\Request
* from the same application. If not, a 400 HTTP exception will be raised. * from the same application. If not, a 400 HTTP exception will be raised.
* *
* Note, this feature requires that the user client accepts cookie. Also, to use this feature, * Note, this feature requires that the user client accepts cookie. Also, to use this feature,
* forms submitted via POST method must contain a hidden input whose name is specified by [[csrfTokenName]]. * forms submitted via POST method must contain a hidden input whose name is specified by [[csrfVar]].
* You may use [[\yii\web\Html::beginForm()]] to generate his hidden input. * You may use [[\yii\web\Html::beginForm()]] to generate his hidden input.
* @see http://en.wikipedia.org/wiki/Cross-site_request_forgery * @see http://en.wikipedia.org/wiki/Cross-site_request_forgery
*/ */
public $enableCsrfValidation = false; public $enableCsrfValidation = false;
/** /**
* @var string the name of the token used to prevent CSRF. Defaults to 'YII_CSRF_TOKEN'. * @var string the name of the token used to prevent CSRF. Defaults to '_csrf'.
* This property is effectively only when {@link enableCsrfValidation} is true. * This property is effectively only when [[enableCsrfValidation]] is true.
*/ */
public $csrfTokenName = '_csrf'; public $csrfVar = '_csrf';
/** /**
* @var array the configuration of the CSRF cookie. This property is used only when [[enableCsrfValidation]] is true. * @var array the configuration of the CSRF cookie. This property is used only when [[enableCsrfValidation]] is true.
* @see Cookie * @see Cookie
@ -975,7 +975,7 @@ class Request extends \yii\base\Request
public function getCsrfToken() public function getCsrfToken()
{ {
if ($this->_csrfCookie === null) { if ($this->_csrfCookie === null) {
$this->_csrfCookie = $this->getCookies()->get($this->csrfTokenName); $this->_csrfCookie = $this->getCookies()->get($this->csrfVar);
if ($this->_csrfCookie === null) { if ($this->_csrfCookie === null) {
$this->_csrfCookie = $this->createCsrfCookie(); $this->_csrfCookie = $this->createCsrfCookie();
Yii::$app->getResponse()->getCookies()->add($this->_csrfCookie); Yii::$app->getResponse()->getCookies()->add($this->_csrfCookie);
@ -994,7 +994,7 @@ class Request extends \yii\base\Request
protected function createCsrfCookie() protected function createCsrfCookie()
{ {
$options = $this->csrfCookie; $options = $this->csrfCookie;
$options['name'] = $this->csrfTokenName; $options['name'] = $this->csrfVar;
$options['value'] = sha1(uniqid(mt_rand(), true)); $options['value'] = sha1(uniqid(mt_rand(), true));
return new Cookie($options); return new Cookie($options);
} }
@ -1015,19 +1015,19 @@ class Request extends \yii\base\Request
$cookies = $this->getCookies(); $cookies = $this->getCookies();
switch ($method) { switch ($method) {
case 'POST': case 'POST':
$token = $this->getPost($this->csrfTokenName); $token = $this->getPost($this->csrfVar);
break; break;
case 'PUT': case 'PUT':
$token = $this->getPut($this->csrfTokenName); $token = $this->getPut($this->csrfVar);
break; break;
case 'PATCH': case 'PATCH':
$token = $this->getPatch($this->csrfTokenName); $token = $this->getPatch($this->csrfVar);
break; break;
case 'DELETE': case 'DELETE':
$token = $this->getDelete($this->csrfTokenName); $token = $this->getDelete($this->csrfVar);
} }
if (empty($token) || $cookies->getValue($this->csrfTokenName) !== $token) { if (empty($token) || $cookies->getValue($this->csrfVar) !== $token) {
throw new HttpException(400, Yii::t('yii', 'Unable to verify your data submission.')); throw new HttpException(400, Yii::t('yii', 'Unable to verify your data submission.'));
} }
} }

17
framework/yii/web/YiiAsset.php
Unescape View File

@ -7,6 +7,8 @@
namespace yii\web; namespace yii\web;
use Yii;
/** /**
* @author Qiang Xue <qiang.xue@gmail.com> * @author Qiang Xue <qiang.xue@gmail.com>
* @since 2.0 * @since 2.0
@ -20,4 +22,19 @@ class YiiAsset extends AssetBundle
public $depends = array( public $depends = array(
'yii\web\JqueryAsset', 'yii\web\JqueryAsset',
); );
/**
* @inheritdoc
*/
public function registerAssets($view)
{
parent::registerAssets($view);
$js[] = "yii.version = '" . Yii::getVersion() . "';";
$request = Yii::$app->getRequest();
if ($request instanceof Request && $request->enableCsrfValidation) {
$js[] = "yii.csrfVar = '{$request->csrfVar}';";
$js[] = "yii.csrfToken = '{$request->csrfToken}';";
}
$view->registerJs(implode("\n", $js));
}
} }

Write Preview
Loading…
Cancel
Save