3acca93ad3
Enable CSRF validation by default.
11 years ago
1aeb86df78
refactored Request::validateCsrfToken().
11 years ago
4f555a5751
Fixed CSRF validation bug.
11 years ago
f9b957554f
Added Controller::enableCsrfValidation to support turning on/off CSRF validation for particular actions.
11 years ago
b8ffee6559
moved CacheSession::init() parent call after init of cache component
...
session autostart would fail otherwise.
fixes #887
11 years ago
cc09ef56b9
updated @property annotations of web\Request
11 years ago
2deff126cf
Supports sending CSRF token via HTTP header.
11 years ago
1aa836ffc7
use meta tags to pass CSRF token.
11 years ago
ad479dd7f6
Modified js registration position.
11 years ago
51c29e444d
renamed Request::csrfTokenName to csrfVar.
...
added version, csrfVar and csrfToken to yii js module.
11 years ago
f34d7064ea
Better phpdoc for AccessControl
11 years ago
30907b6134
Fixes #826 : cleaned up User::getReturnUrl().
11 years ago
64d57b397a
add checks for HEAD request
11 years ago
d02e7d4004
add checks for GET and OPTIONS requests
11 years ago
ea10868824
Removed Yii::import().
11 years ago
afd0472784
Fixes #837 : turn private variables into public ones.
11 years ago
947a557240
Reverted changeset 595ac6d0be
11 years ago
595ac6d0be
Fixes #833 : added charset to json response.
11 years ago
4b7f5a728a
improved control over and handling of file and dir permissions
...
- rename FileHelper::mkdir for API consistency
- changed default permission for directories to 775 instead of 777
- added some properties to classes that deal with files to allow control
over directory permissions.
11 years ago
e1a6aacba8
Fixes #829 : loginRequired now responds with HTTP 403 in case of AJAX or loginUrl is not set (reverted from commit c2c12a9049)
11 years ago
c2c12a9049
Fixes #829 : loginRequired now responds with HTTP 403 in case of AJAX or loginUrl is not set
11 years ago
147558ea19
added some class documentation
11 years ago
c582e589d2
added note about differing property types
11 years ago
ca69ef09d4
update of @property annotations
11 years ago
bdb77f33ba
updated @property annotations of many classes
11 years ago
9f72973b83
Bug in XML format
11 years ago
a9e71d5565
better handling with exceptions in __toString()
11 years ago
27ad7e1fc7
Added Controller::goHome().
11 years ago
89fa7ed3cb
Reverted the change to User::loginUrl.
11 years ago
21eab82413
Refactored redirect() methods.
11 years ago
3f8e9b7a84
Login url fix when called from a module
11 years ago
d1c41fe144
changed to trace from info.
11 years ago
8ee92fdb80
Added ErrorAction.
11 years ago
2409624894
fix typos - `Yii::app()`
11 years ago
9c97e3e38a
fixed phpdoc of Request
11 years ago
3d5388ff2b
Reorganized captcha code.
11 years ago
9f4ccb6243
Added status code display to debugger toolbar.
11 years ago
3a2215b833
fixed length constraints check to always result in correct range
11 years ago
eda171e1be
Added more YII_ENV constants.
11 years ago
f2ceef4c76
Fixes #686
11 years ago
3bef7365f1
Fixes #624 : renamed www to web.
11 years ago
d1212bc73b
Support relative route in Controller::createUrl()
11 years ago
e433c98ed4
Fixes #599
11 years ago
6f4e2c9b3c
Fixes #647
11 years ago
dd47668cba
added missing return tags to CaptchaAction
11 years ago
02f8062435
fixed code style
11 years ago
6ce60c1666
added support for HTTP verb PATCH
...
To provider better REST API support PATCH method is added which is used
for partial updates, while a PUT should only update whole record.
issues #303 and yiisoft/yii#2664
11 years ago
a6cd7b72bb
refactored helper organization.
11 years ago
bf13f26584
"AssetConverter::convert()" has been updated to use "escapeshellargs"
11 years ago
a128bffb47
Fix for asset command.
11 years ago
Qiang Xue
Carsten Brandt
Alexander Makarov
Benjamin Wöster
Borro
Luciano Baraglia
Ryadnov
Paul Klimov