Alexander Makarov
61b47014a2
Fixes #14643 : Added `yii\web\ErrorAction::$layout` property to conveniently set layout from error action config
...
Co-authored-by: Stas So <etc@swods.ru>
Co-authored-by: Carsten Brandt <mail@cebe.cc>
7 years ago
E.Alamo
e07219c812
Fixes #13996 : Added `yii\web\View::registerJsVar()` method that allows registering JavaScript variables
7 years ago
Klimov Paul
65f6b59b35
`@inheritdoc` notation changed
7 years ago
Paul Klimov
acce1db53b
Fixes #14135 : Fixed `yii\web\Request::getBodyParam()` crashes on object type body params
7 years ago
Alexander Makarov
6c0540aa2d
Fixes #15496 : CSRF token is now regenerated on changing identity
7 years ago
Elvira Sheina
3c017b6b61
Fixes #15462 : Fixed `accessChecker` configuration error
7 years ago
Dmitry Dorogin
28e7f31a37
Fixes #15046 : Throw an `yii\web\HeadersAlreadySentException` if headers were sent before web response
7 years ago
Elvira Sheina
3b1ff661d8
Fixes #7996 : Short syntax for verb in GroupUrlRule
7 years ago
Alexander Makarov
0b413b0e08
Fixed PHP 5.4 compatibility
7 years ago
Sam
4d388f6cd2
Fixes #15317 : Regenerate CSRF token if an empty value is given
7 years ago
Vladimir Reznichenko
185209957e
Fixes #15270 : Resolved potential race conditions when writing generated php-files
7 years ago
Nikolay Oleynikov
48bf8ce048
Fixes #14662 : Added support for custom `Content-Type` specification to `yii\web\JsonResponseFormatter`
7 years ago
Alex Yashkin
2246786483
Fixed jQuery onLoad event handling
...
Fixes #15086
7 years ago
Alexander Makarov
2d672b6722
release version 2.0.13
7 years ago
Dmitry Naumenko
2faf771118
Fixes #13436 : Fixed migration for MSSQL DbSession
7 years ago
Carsten Brandt
93bbf5b39d
Fixes #15015 : Added `StringHelper::floatToString()` to savely cast float values independent of the locale, also fixes some places in the framework that use it now
7 years ago
Dmitry Naumenko
64d8af61a6
Fixes for PHP 7.2 compatibility ( #14959 )
7 years ago
bscheshirwork
8beb36c94f
Use PHP core classes right from root namespace without importing for the sake of clarity
7 years ago
SilverFire - Dmitry Naumenko
d11bed5340
Minor, added strict comparsion
7 years ago
SilverFire - Dmitry Naumenko
ea2c475ea7
Moved `HTTP_AUTHORIZATION` header check to `\yii\web\Request`, added docs
...
Closes #13564
7 years ago
Alexander Makarov
66723d0e74
Fixes #9438 : `yii\web\DbSession` now relies on error handler to display errors
7 years ago
Boudewijn Vahrmeijer
d7c93c9503
fix for #6226 , symlinking files/directories during multithreading ( #14905 )
7 years ago
Tobias Munk
fa1ca1384f
Fixes #14913 : Assset hashing now takes asset linking into account to improve cache busting
7 years ago
Alexander Makarov
3ee7629f13
Fixes #13486 : Use DI container to instantiate cookies in order to be able to set defaults
7 years ago
Olim Saidov
b75a85d0da
Fixes #14902 : Fixed PHP notice in `yii\web\MultipartFormDataParser`
7 years ago
Robin Kamps
75e8bfdc58
Fixes #14087 : Added `yii\web\View::registerCsrfMetaTags()` method that registers CSRF tags dynamically ensuring that caching doesn't interfere
7 years ago
SilverFire - Dmitry Naumenko
1ce796ef0f
Removed ability to define a hostname as trusted because of possible security issues
...
Closes #14691
7 years ago
SilverFire - Dmitry Naumenko
18689c5ed1
Added missing bracket
7 years ago
SilverFire - Dmitry Naumenko
3a8feb17a8
Updated `yii\web\View` to register JS in jQuery 3.0 compatible way
7 years ago
Carsten Brandt
1278b018fa
Add IIS specific header to secure headers ( #14715 )
...
See https://github.com/yiisoft/yii2/issues/14400#issuecomment-324233065
for more details.
7 years ago
Carsten Brandt
9e713dba29
break if a matching trusted host is found
...
fix for https://github.com/yiisoft/yii2/pull/13780#discussion_r134186910
thanks to @krukru !
PR #13780
7 years ago
Robert Korulczyk
5a8c3d537b
Enable `phpdoc_summary` rule in php-cs-fixer config ( #14675 )
...
* Enable `phpdoc_summary` rule in php-cs-fixer config.
* Fix case in "PHPDoc".
7 years ago
Robert Korulczyk
1501c659ac
Add empty lines before return statements. ( #14682 ) [skip ci]
7 years ago
Robert Korulczyk
b99e955627
Fix CS ( #14665 )
...
* Run php-cs-fixer.
* Enable phpdoc_types rule.
7 years ago
Sam
0017d9c660
Fixes #13780 : Added support for trusted proxies in `yii\web\Request`
7 years ago
SilverFire - Dmitry Naumenko
368540f8d0
Added tests
7 years ago
shirase
b6a5697c00
User can login by cookie only once when `autoRenewCookie` is set to false
7 years ago
Alexander Makarov
648971a82b
Fixes #14542 : Ensured only ASCII characters are in CSRF cookie value since binary data causes issues with ModSecurity and some browsers
7 years ago
Dmitry Dorogin
f7fb7cdd87
Fixes #14022 : Added posibility to use aliases in yii\web\UrlManager::setBaseUrl() ( #14540 )
7 years ago
Klimov Paul
578b2caf42
Added `yii\web\MultipartFormDataParser::$force` option allowing to enforce parsing even on 'POST' request
7 years ago
PowerGamer1
8a6f5829d4
Fix for invalid example in Request phpdoc [skip ci]
7 years ago
Alexander Makarov
1f26db9fb7
Applied code style fixes
7 years ago
Dmitry Dorogin
6d2e0aff82
Fixes #14406 : Fixed caching rules in `yii\web\UrlManager` with different `ruleConfig` configuration
7 years ago
Carsten Brandt
69673c0c94
Rename Object -> BaseObject for PHP 7.2 compatibility
...
issue #7936
7 years ago
PowerGamer1
40e242b562
Fixes #14469 : updated RFC links [skip ci]
7 years ago
Alexander Makarov
d38908fc13
Fixed #14469 : updated RFC links
7 years ago
yyxx9988
46bf3c410a
Add `yii\web\Request::getOrigin()` method that returns HTTP_ORIGIN of current CORS request
...
>The Origin request header indicates where a fetch originates from. It doesn't include any path information, but only the server name. It is sent with CORS requests, as well as with POST requests. It is similar to the Referer header, but, unlike this header, it doesn't disclose the whole path.
From https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin
Working code samples
```php
<?php
// We'll be granting access to only the arunranga.com domain
// which we think is safe to access this resource as application/xml
if($_SERVER['HTTP_ORIGIN'] == "http://arunranga.com ") {
header('Access-Control-Allow-Origin: http://arunranga.com ');
header('Content-type: application/xml');
readfile('arunerDotNetResource.xml');
} else {
header('Content-Type: text/html');
echo "<html>";
echo "<head>";
echo " <title>Another Resource</title>";
echo "</head>";
echo "<body>",
"<p>This resource behaves two-fold:";
echo "<ul>",
"<li>If accessed from <code>http://arunranga.com </code> it returns an XML document</li>";
echo "<li>If accessed from any other origin including from simply typing in the URL into the browser's address bar,";
echo "you get this HTML document</li>",
"</ul>",
"</body>",
"</html>";
}
?>
```
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Server-Side_Access_Control for more info.
close #13835
7 years ago
Robert Korulczyk
a50d9d8e3e
Enable `include` rule in php-cs-fixer ( #14418 )
7 years ago
Robert Korulczyk
fe8a0a6a2e
Enable `no_useless_else` rule in php-cs-fixer ( #14420 )
7 years ago
Carsten Brandt
f67d8d5a79
Fixed broken error page when calling an undefined method
...
fixes #14269
7 years ago