Currently the security guide is very thrifty with information on what a topic is about. So for beginners it is not clear why something like CSRF or XSS protection is even needed.
I added a few reference links to allow reading about more background behind the topics.
UrlManager is a complex class with a large bunch of options that need to be tested, and we had a few regressions in the past even though there are already a lot of tests covering it. Test coverage measured by lines does not help us determine how well it is tested; we need test coverage for every major path through the code.
I have refactored the UrlManager tests to reflect the different options and cases to have a better overview of which cases are covered and which are not.
UrlManager has two main operation modes:
- "default" url format, which is the simple case. These are covered by methods in `UrlManagerTest`.
- "pretty" url format. This is the complex case, which involves UrlRules and url parsing.
I have created two separate classes for this case:
Url creation for "pretty" url format is covered by `UrlManagerCreateUrlTest`.
Url parsing for "pretty" url format is covered by `UrlManagerParseUrlTest`.
Each of the test classes has a `getUrlManager` method that creates a UrlManager instance with a specific configuration and certain variations in options.
It is also tested that options that are not relevant in a certain operation mode have no effect on the result.
To make sure to not remove tests that have existed before, here is a map of where code has been moved.
The following test methods existed in the [old test class](4187718c14/tests/framework/web/UrlManagerTest.php):
- `testCreateUrl()` split between UrlManagerTest and UrlManagerCreateUrlTest variations should all be covered by `variationsProvider()`.
- `testCreateUrlWithNullParams()` covered by UrlManagerCreateUrlTest by `testWithNullParams()`
- `testCreateUrlWithEmptyPattern()`
- `testCreateAbsoluteUrl()` covered in UrlManagerCreateUrlTest by new tests via `variationsProvider()`.
- `testCreateAbsoluteUrlWithSuffix()` covered in UrlManagerCreateUrlTest by `testAbsolutePatterns`.
- `testParseRequest()` covered by UrlManagerParseUrlTest, UrlNormalizer related parts moved to UrlNormalizerTest.
- `testParseRESTRequest()` moved to UrlManagerParseUrlTest
- `testHash()` covered in different tests in UrlManagerCreateUrlTest.
- `testMultipleHostsRules($host)` kept as is.
Before:
$ vendor/bin/phpunit tests/framework/web/UrlManagerTest.php
...
OK (12 tests, 89 assertions)
After:
$ vendor/bin/phpunit tests/framework/web/UrlManager*.php
...
OK (72 tests, 648 assertions)
Added catch `\Throwable` to be compatible with PHP7.
Added it in cases where object state needs to be kept consistent.
Mainly on transactions but also some other places where some values are reset before exiting.
Most of them could probably be refactored by using `finally` in 2.1, as that requires PHP 5.5.
fixes #12619
This section had the "under development note" for a long time and was lacking a lot of information.
It should also contain info about `yii.js` but that is to be added in another PR.
* Closes #6242: Access to validator in inline validation
* Updated PHPDoc according to PR review [skip ci]
* Improved PHPDoc, updated guide info [skip ci]
* Fixes related with PR review
* Corrected CHANGELOG [skip ci]
* Update input-validation.md
added version info
* fixes #8354 to improve docs on table prefixes
* accents
* patched silverfires comments
* Update db-active-record.md
improved wording and added link about quoting.
* fix link to DAO guide