diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md
index 51425e8..50b63b7 100644
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -4,6 +4,7 @@ Yii Framework 2 Change Log
 2.0.0 beta under development
 ----------------------------
+- Enh: Adding support for the `X-HTTP-Method-Override` header in `yii\web\Request::getMethod()`.
 - Bug #1265: AssetController does not override 'js' and 'css' for compressed bundles (klimov-paul)
 - Bug #1326: The `visible` setting for `DetailView` doesn't work as expected (qiangxue)
 - Bug #1412: `FileValidator` and `ImageValidator` still trigger `uploadRequired` error in some case when `skipOnEmpty` is true and no upload is provided (qiangxue)
diff --git a/framework/web/Request.php b/framework/web/Request.php
index 25ac672..e3216c3 100644
--- a/framework/web/Request.php
+++ b/framework/web/Request.php
@@ -79,6 +79,7 @@ use yii\helpers\StringHelper;
 */
 class Request extends \yii\base\Request
 {
+
 /**
 * The name of the HTTP header for sending CSRF token.
 */
@@ -88,7 +89,6 @@ class Request extends \yii\base\Request
 */
 const CSRF_MASK_LENGTH = 8;
-
 /**
 * @var boolean whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true.
 * When CSRF validation is enabled, forms submitted to an Yii Web application must be originated
@@ -146,9 +146,7 @@ class Request extends \yii\base\Request
 * @see getBodyParams()
 */
 public $parsers = [];
-
 private $_cookies;
-
 /**
 * @var array the headers in this collection (indexed by the header names)
 */
@@ -210,6 +208,8 @@ class Request extends \yii\base\Request
 {
 if (isset($_POST[$this->methodVar])) {
 return strtoupper($_POST[$this->methodVar]);
+ } elseif (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) {
+ return strtoupper($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']);
 } else {
 return isset($_SERVER['REQUEST_METHOD']) ? strtoupper($_SERVER['REQUEST_METHOD']) : 'GET';
 }
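Review bot: The new `elseif` branch honours `X-HTTP-Method-Override` whatever the real `REQUEST_METHOD` is, so a plain GET can reach the application as DELETE or PUT, and a POST as GET. Anything that decides on the request-line verb (proxy or WAF rules, caches, verb filters, and presumably the safe-method exemption in CSRF validation, which is not visible in this hunk) then judges a different method from the one the application acts on. The usual constraint is to accept the header only on a real POST, e.g. `} elseif (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'], $_SERVER['REQUEST_METHOD']) && strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') === 0) {`. The header value is also returned after `strtoupper()` alone, so callers receive arbitrary client-supplied text as the method; comparing it against the known verbs before returning would keep that out. getMethod() starts outside the hunk, so its docblock is not visible here; it should name the header and state that `methodVar` takes precedence over it.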
@@ -748,8 +748,7 @@ class Request extends \yii\base\Request
 */
 public function getIsSecureConnection()
 {
- return isset($_SERVER['HTTPS']) && (strcasecmp($_SERVER['HTTPS'], 'on') === 0 || $_SERVER['HTTPS'] == 1)
- || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;
+ return isset($_SERVER['HTTPS']) && (strcasecmp($_SERVER['HTTPS'], 'on') === 0 || $_SERVER['HTTPS'] == 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;
 }
 /**
@@ -953,7 +952,8 @@ class Request extends \yii\base\Request
 $n = preg_match_all('/\s*([\w\/\-\*]+)\s*(?:;\s*q\s*=\s*([\d\.]+))?[^,]*/', $header, $matches, PREG_SET_ORDER);
 for ($i = 0; $i < $n; ++$i) {
 if (!empty($matches[$i][1])) {
- $accepts[] = [$matches[$i][1], isset($matches[$i][2]) ? (float)$matches[$i][2] : 1, $i];
+ $accepts[] = [$matches[$i][1], isset($matches[$i][2]) ? (float)$matches[$i][2] : 1,
+ $i];
 }
 }
 usort($accepts, function ($a, $b) {
@@ -1194,8 +1194,7 @@ class Request extends \yii\base\Request
 }
 $trueToken = $this->getCookies()->getValue($this->csrfVar);
 $token = $this->getBodyParam($this->csrfVar);
- return $this->validateCsrfTokenInternal($token, $trueToken)
- || $this->validateCsrfTokenInternal($this->getCsrfTokenFromHeader(), $trueToken);
+ return $this->validateCsrfTokenInternal($token, $trueToken) || $this->validateCsrfTokenInternal($this->getCsrfTokenFromHeader(), $trueToken);
 }
 private function validateCsrfTokenInternal($token, $trueToken)