Bizley
0041f034fd
[doc] Update PHP doc links ( #18957 )
...
* Replace https://secure.php.net with https://www.php.net
* Replace http://www.php.net with https://www.php.net
3 years ago
Alexander Makarov
13f27e4d92
Fix #18817 : Use `paragonie/random_compat` for random bytes and int generation
3 years ago
Alexander Makarov
700ac02706
release version 2.0.36
4 years ago
Deryabin Sergey
7eb184eadb
Fix #17999 : Fix skipping test case on PHP v >= 7.1 and LibreSSL version >= 2.15
4 years ago
Alexander Makarov
e153c68768
Fix #17725 : Ensure we do not use external polyfills for pbkdf2() as these may be implemented incorrectly
5 years ago
Alexander Makarov
331d997185
Noted in Security::encrypt* that data returned is byte string [skip ci]
5 years ago
Pavel Dovlatov
bdb7c64910
Update to https protocol for php.net links ( #17168 ) [skip ci]
...
* Updated php.net link for some MemCache properties [skip ci]
* Changed protocol to https for links to php.net in comments
* Changed protocol to https for links to php.net in code
* Changed www.php.net (http) to secure.php.net (https) in comments
* Changed www.php.net (http) to secure.php.net (https) in code
* Changed protocol to https for links to php.net in UPGRADE.md
* Changed protocol to https for links to pecl.php.net in comments
* Changed us.php.net to secure.php.net (https) in comments
* Changed protocol to https for links to php.net in docs
* Changed www.php.net (http) to secure.php.net (https) in docs
* Changed protocol to https for links to pecl.php.net in docs
* Changed ru/jp.php.net to secure.php.net (https) in docs
Don't sure about russian guide: is this links meant to be for guide on russian, or not?
6 years ago
Brandon Kelly
e6f5c46cdc
Fixes #15633 : Deprecate some things going away/changing in 2.1
...
- Deprecated `yii\base\BaseObject::className()` in favor of native PHP syntax `::class`, which does not trigger autoloading
- Deprecated XCache and Zend data cache support as caching backends
- Deprecated `yii\BaseYii::powered()` method
- Added `yii\base\InvalidArgumentException` and deprecated `yii\base\InvalidParamException`
- Added `yii\BaseYii::debug()` and deprecated `yii\BaseYii::trace()`
7 years ago
Alexander Makarov
d7be512fa0
Fixes #10186 : Use native `hash_equals` in `yii\base\Security::compareString()` if available, throw exception if non-strings are compared
7 years ago
Ankit Padia
533f9edd35
generatePasswordHash() documentation example syntax error fixed
7 years ago
Sam
05f197825b
Fixes #15332 : Always check for availability of `openssl_pseudo_random_bytes`, even if LibreSSL is available
7 years ago
Robert Korulczyk
1501c659ac
Add empty lines before return statements. ( #14682 ) [skip ci]
7 years ago
Robert Korulczyk
ba0ab403b5
Added php-cs-fixer coding standards validation to Travis CI ( #14100 )
...
* php-cs-fixer: PSR2 rule.
* php-cs-fixer: PSR2 rule - fix views.
* Travis setup refactoring.
* Add php-cs-fixer to travis cs tests.
* Fix tests on hhvm-3.12
* improve travis config
* composer update
* revert composer update
* improve travis config
* Fix CS.
* Extract config to separate classes.
* Extract config to separate classes.
* Add file header.
* Force short array syntax.
* binary_operator_spaces fixer
* Fix broken tests
* cast_spaces fixer
* concat_space fixer
* dir_constant fixer
* ereg_to_preg fixer
* function_typehint_space fixer
* hash_to_slash_comment fixer
* is_null fixer
* linebreak_after_opening_tag fixer
* lowercase_cast fixer
* magic_constant_casing fixer
* modernize_types_casting fixer
* native_function_casing fixer
* new_with_braces fixer
* no_alias_functions fixer
* no_blank_lines_after_class_opening fixer
* no_blank_lines_after_phpdoc fixer
* no_empty_comment fixer
* no_empty_phpdoc fixer
* no_empty_statement fixer
* no_extra_consecutive_blank_lines fixer
* no_leading_import_slash fixer
* no_leading_namespace_whitespace fixer
* no_mixed_echo_print fixer
* no_multiline_whitespace_around_double_arrow fixer
* no_multiline_whitespace_before_semicolons fixer
* no_php4_constructor fixer
* no_short_bool_cast fixer
* no_singleline_whitespace_before_semicolons fixer
* no_spaces_around_offset fixer
* no_trailing_comma_in_list_call fixer
* no_trailing_comma_in_singleline_array fixer
* no_unneeded_control_parentheses fixer
* no_unused_imports fixer
* no_useless_return fixer
* no_whitespace_before_comma_in_array fixer
* no_whitespace_in_blank_line fixer
* not_operator_with_successor_space fixer
* object_operator_without_whitespace fixer
* ordered_imports fixer
* php_unit_construct fixer
* php_unit_dedicate_assert fixer
* php_unit_fqcn_annotation fixer
* phpdoc_indent fixer
* phpdoc_no_access fixer
* phpdoc_no_empty_return fixer
* phpdoc_no_package fixer
* phpdoc_no_useless_inheritdoc fixer
* Fix broken tests
* phpdoc_return_self_reference fixer
* phpdoc_single_line_var_spacing fixer
* phpdoc_single_line_var_spacing fixer
* phpdoc_to_comment fixer
* phpdoc_trim fixer
* phpdoc_var_without_name fixer
* psr4 fixer
* self_accessor fixer
* short_scalar_cast fixer
* single_blank_line_before_namespace fixer
* single_quote fixer
* standardize_not_equals fixer
* ternary_operator_spaces fixer
* trailing_comma_in_multiline_array fixer
* trim_array_spaces fixer
* protected_to_private fixer
* unary_operator_spaces fixer
* whitespace_after_comma_in_array fixer
* `parent::setRules()` -> `$this->setRules()`
* blank_line_after_opening_tag fixer
* Update finder config.
* Revert changes for YiiRequirementChecker.
* Fix array formatting.
* Add missing import.
* Fix CS for new code merged from master.
* Fix some indentation issues.
7 years ago
Nikolay Oleynikov
950e895fe0
Fix phpDocumentor annotations ( #13905 ) [skip ci]
8 years ago
Sam Mousa
8ae207c3a1
Fixes #13837 : Refactored masking of CSRF tokens
8 years ago
Charles R. Portwood II
953a0bba2b
Fixes #13650 : Improved `yii\base\Security::hkdf()` to take advantage of native `hash_hkdf()` implementation in PHP >= 7.1.2
8 years ago
Andrew Nester
953c4a8e5a
Fixes #13407 : Added URL-safe base64 encode/decode methods to `StringHelper`
8 years ago
Carsten Brandt
b8b3aeeb00
update deprecated phpdoc messages
8 years ago
Robert Korulczyk
7a3a342127
Fix errors reported by apidoc extension. ( #12986 )
8 years ago
Robert Korulczyk
4aa935e69e
Fixes #12055 : Changed `boolean` to `bool` and `integer` to `int` in phpdoc
8 years ago
Boudewijn Vahrmeijer
32f4dc8997
Fixes #5385 : links created from classes to corresponding guide articles ( #12920 )
8 years ago
Almir Bolduan
6c1fe1a137
Update Security.php
...
Corrected description for method decryptByKey().
8 years ago
cuiliang
c0df003ac0
merge from master
8 years ago
Carsten Brandt
e94b68436d
complete test coverage for reading /dev/urandom
...
fixes an issue with buffered reading
9 years ago
Carsten Brandt
f2f082dbab
moved checks before random_bytes() to have consistent behavior accross php versions
9 years ago
Alexander Makarov
0c6c1eebd1
Better buffer usage description as suggested by @tom--
...
https://github.com/yiisoft/yii2/pull/11285#discussion_r59960199
9 years ago
Alexander Makarov
6a80a132e2
Converted constant into local variable #11285
9 years ago
Alexander Makarov
81b18e1538
Fixed variable name
9 years ago
Alexander Makarov
371440d59a
More Security component enhancements
...
- Removed PHP version checks since both are met by default because Yii requires 5.4.0+.
- Limit PHP fread buffer in order to prevent entropy wasting.
- Fixed incorrect bytes to read calculation.
- Added more notes explaining decisions.
9 years ago
Tom Worster
c455a3c54b
Security component enhancements
...
- Added tests for random key generation speed.
- Better generateRandomKey() performance for small reads because of using fopen + buffered read and local caching of source detection.
- Use /dev/random on FreeBSD.
9 years ago
Carsten Brandt
191f2a4943
fixed phpdoc type names
9 years ago
Carsten Brandt
f620f4de90
phpdoc fixes
9 years ago
Tom Worster
40fc49bf16
remove obsolete @throw tags
9 years ago
Tom Worster
ba19858e58
move private state var also
9 years ago
Tom Worster
83b61eae43
move "private" consts before generateRandomKey()
9 years ago
Tom Worster
358e9115ed
comment lstat
9 years ago
Tom Worster
e7a888ad11
use file_get_contents and not magic numbers
9 years ago
Tom Worster
1f41a2c9af
Fixes #9878,9879,9880: Make `\base\Security` use `random_bytes()`, LibreSSL, mcrypt, limit OpenSSL to Windows, and to prefer `password_hash()` over `crypt()`
9 years ago
SilverFire - Dmitry Naumenko
cd87d67f34
Global DOCS update: ~~~ replaced with ```
9 years ago
artur
e1509bfe73
Fix methods references
9 years ago
Carsten Brandt
6d9fe671de
various code style and whitespace adjustments
9 years ago
╃巡洋艦㊣
586684b050
2.0.5 bf7edc5
9 years ago
freezy
6a4436f95b
[ Fixes #9177 ] Password Hash Cost setting for Security component
9 years ago
onedevlink
c4ab9a0891
Fixed typo in base/Security file and docs
9 years ago
Alexander Mohorev
68c30c1034
Replace aliases of functions
9 years ago
Yasser Hassan
daab0e9aef
Fixing typo.
...
close #7941
10 years ago
Alexander Makarov
d7346cbfaf
Used PHP_OS instead of php_uname() to check for Linix
10 years ago
Alexander Makarov
4fffd8fcef
Prevented Security from erroring in case of /dev/urandom or /dev/random aren't available
10 years ago
Alexander Makarov
7721baae1f
Used StringHelper for byte operations
10 years ago
tom--
4512833fac
Fixes #7215 : Uses OpenSSL crypto lib instead of Mcrypt. Added testing of encrypted data compatibility, both backward and forward
10 years ago