Error202
/
yii2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Adding support for the X-HTTP-Method-Override header.

tags/2.0.0-beta
pzaremba 11 years ago
parent
9779e9c98d
commit
0bf39f6e98
2 changed files with 8 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      framework/CHANGELOG.md
  2. 15
      framework/web/Request.php

1
framework/CHANGELOG.md
Unescape View File

@ -4,6 +4,7 @@ Yii Framework 2 Change Log
2.0.0 beta under development
----------------------------
- Enh: Adding support for the `X-HTTP-Method-Override` header in `yii\web\Request::getMethod()`.
- Bug #1265: AssetController does not override 'js' and 'css' for compressed bundles (klimov-paul)
- Bug #1326: The `visible` setting for `DetailView` doesn't work as expected (qiangxue)
- Bug #1412: `FileValidator` and `ImageValidator` still trigger `uploadRequired` error in some case when `skipOnEmpty` is true and no upload is provided (qiangxue)

15
framework/web/Request.php
Unescape View File

@ -79,6 +79,7 @@ use yii\helpers\StringHelper;
*/
class Request extends \yii\base\Request
{
/**
* The name of the HTTP header for sending CSRF token.
*/
@ -88,7 +89,6 @@ class Request extends \yii\base\Request
*/
const CSRF_MASK_LENGTH = 8;
/**
* @var boolean whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true.
* When CSRF validation is enabled, forms submitted to an Yii Web application must be originated
@ -146,9 +146,7 @@ class Request extends \yii\base\Request
* @see getBodyParams()
*/
public $parsers = [];
private $_cookies;
/**
* @var array the headers in this collection (indexed by the header names)
*/
@ -210,6 +208,8 @@ class Request extends \yii\base\Request
{
if (isset($_POST[$this->methodVar])) {
return strtoupper($_POST[$this->methodVar]);
} elseif (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) {
return strtoupper($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']);
} else {
return isset($_SERVER['REQUEST_METHOD']) ? strtoupper($_SERVER['REQUEST_METHOD']) : 'GET';
}
@ -748,8 +748,7 @@ class Request extends \yii\base\Request
*/
public function getIsSecureConnection()
{
return isset($_SERVER['HTTPS']) && (strcasecmp($_SERVER['HTTPS'], 'on') === 0 || $_SERVER['HTTPS'] == 1)
|| isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;
return isset($_SERVER['HTTPS']) && (strcasecmp($_SERVER['HTTPS'], 'on') === 0 || $_SERVER['HTTPS'] == 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;
}
/**
@ -953,7 +952,8 @@ class Request extends \yii\base\Request
$n = preg_match_all('/\s*([\w\/\-\*]+)\s*(?:;\s*q\s*=\s*([\d\.]+))?[^,]*/', $header, $matches, PREG_SET_ORDER);
for ($i = 0; $i < $n; ++$i) {
if (!empty($matches[$i][1])) {
$accepts[] = [$matches[$i][1], isset($matches[$i][2]) ? (float)$matches[$i][2] : 1, $i];
$accepts[] = [$matches[$i][1], isset($matches[$i][2]) ? (float)$matches[$i][2] : 1,
$i];
}
}
usort($accepts, function ($a, $b) {
@ -1194,8 +1194,7 @@ class Request extends \yii\base\Request
}
$trueToken = $this->getCookies()->getValue($this->csrfVar);
$token = $this->getBodyParam($this->csrfVar);
return $this->validateCsrfTokenInternal($token, $trueToken)
|| $this->validateCsrfTokenInternal($this->getCsrfTokenFromHeader(), $trueToken);
return $this->validateCsrfTokenInternal($token, $trueToken) || $this->validateCsrfTokenInternal($this->getCsrfTokenFromHeader(), $trueToken);
}
private function validateCsrfTokenInternal($token, $trueToken)

Write Preview
Loading…
Cancel
Save