cuileon
489dd119a5
merge from yiisoft/yii2
6 years ago
Bizley
ab39246ab5
Fixes #16101 : Fixed Error Handler to clear registered meta tags, link tags, css/js scripts and files in error view
6 years ago
Alexandr Ivanov
0ad5afd387
Fixes #14759 : Fixed `yii\web\JsonResponseFormatter` output for `null` data
6 years ago
Carsten Brandt
d0712e4918
added tests to verify issue #16484
...
the case is to match all module names before a catch-all URL rule.
module routes should work with "module name only", "module
name+controller name" and "module/controller/action".
6 years ago
Viktor
0b61f9ba3b
Fixes #16301 : Fixed `yii\web\User::setIdentity()` to clear access check cache while setting identity object to `null`
6 years ago
pgaultier
35ac718110
Fixes #16006 : Handle case when `X-Forwarded-Host` header have multiple hosts separated with a comma
7 years ago
bscheshirwork
7473c422ee
Fixes #15318 : Fixed "session_name(): Cannot change session name when session is active" errors
7 years ago
Benoît
517a5ad93c
Add tests
7 years ago
SilverFire - Dmitry Naumenko
9323817a53
Refactored code, added tests
7 years ago
Aleksandar Belic
b566dd522c
Fixes #15272 : Removed type attribute from script tag
7 years ago
Alexander Makarov
25f8b263e5
Fixes #14811 : Fixed `yii\filters\HttpCache` to work with PHP 7.2
7 years ago
Alexander Makarov
a23a325ca7
Fixes #15627 : Corrected session freezing/unfreezing not to attempt opening or closing connection if it isn't necessary
7 years ago
Alexander Makarov
64d57043b1
Fixes #11401 : Fixed `yii\web\DbSession` concurrency issues when writing and regenerating IDs
7 years ago
Brandon Kelly
2e55570e1f
Fixes #15621 : Fixed `yii\web\User::getIdentity()` returning `null` if an exception had been thrown when it was called previously
7 years ago
Alexander
24f4e3126a
Bug #15523 : `yii\web\Session` settings could now be configured after session is started (StalkAlex, rob006, daniel1302, samdark)
...
Co-authored-by: Alexander Makarov <sam@rmcreative.ru>
Co-authored-by: Robert Korulczyk <robert@korulczyk.pl>
Co-authored-by: daniel.1302 <daniel.1302@gmail.com>
7 years ago
Гордиенко Владислав Юрьевич
7cafa65ad2
Fixes #15216 : Added `yii\web\ErrorHandler::$traceLine` to allow opening file at line clicked in IDE
7 years ago
Alexander Makarov
7bafb7bf09
Fixes #14488 : Added support for X-Forwarded-Host to `yii\web\Request`, fixed `getServerPort()` usage
7 years ago
Alexander Makarov
61b47014a2
Fixes #14643 : Added `yii\web\ErrorAction::$layout` property to conveniently set layout from error action config
...
Co-authored-by: Stas So <etc@swods.ru>
Co-authored-by: Carsten Brandt <mail@cebe.cc>
7 years ago
E.Alamo
e07219c812
Fixes #13996 : Added `yii\web\View::registerJsVar()` method that allows registering JavaScript variables
7 years ago
Paul Klimov
acce1db53b
Fixes #14135 : Fixed `yii\web\Request::getBodyParam()` crashes on object type body params
7 years ago
Elvira Sheina
3c017b6b61
Fixes #15462 : Fixed `accessChecker` configuration error
7 years ago
Elvira Sheina
3b1ff661d8
Fixes #7996 : Short syntax for verb in GroupUrlRule
7 years ago
Sam
4d388f6cd2
Fixes #15317 : Regenerate CSRF token if an empty value is given
7 years ago
Alexander Makarov
4270470523
Various test fixes (mostly Windows-specific) ( #15336 )
7 years ago
Alexander Makarov
efac23dde7
Fixes #15335 : Added `FileHelper::unlink()` that works well under all OSes
7 years ago
Gabriel Caruso
2992b9b09d
Refactored tests with PHPUnit assert methods ( #15260 )
7 years ago
bscheshirwork
ba38edd393
Fix last time driver use if not support any ( #15246 )
7 years ago
Nikolay Oleynikov
48bf8ce048
Fixes #14662 : Added support for custom `Content-Type` specification to `yii\web\JsonResponseFormatter`
7 years ago
SilverFire - Dmitry Naumenko
5c6ba33e55
Disabled only PgSQL tests of DbSession in HHVM
7 years ago
SilverFire - Dmitry Naumenko
0dede3922d
Disabled DbSession tests for HHVM
7 years ago
Alexander Makarov
fb23b0d0ea
Code style fixes
7 years ago
SilverFire - Dmitry Naumenko
4831263716
Fixed tests for HHVM and PHP 5.4
7 years ago
Dmitry Naumenko
2faf771118
Fixes #13436 : Fixed migration for MSSQL DbSession
7 years ago
SilverFire - Dmitry Naumenko
ea2c475ea7
Moved `HTTP_AUTHORIZATION` header check to `\yii\web\Request`, added docs
...
Closes #13564
7 years ago
Robin Kamps
75e8bfdc58
Fixes #14087 : Added `yii\web\View::registerCsrfMetaTags()` method that registers CSRF tags dynamically ensuring that caching doesn't interfere
7 years ago
SilverFire - Dmitry Naumenko
1ce796ef0f
Removed ability to define a hostname as trusted because of possible security issues
...
Closes #14691
7 years ago
Robert Korulczyk
5a8c3d537b
Enable `phpdoc_summary` rule in php-cs-fixer config ( #14675 )
...
* Enable `phpdoc_summary` rule in php-cs-fixer config.
* Fix case in "PHPDoc".
7 years ago
Robert Korulczyk
1501c659ac
Add empty lines before return statements. ( #14682 ) [skip ci]
7 years ago
Robert Korulczyk
0c0942d6e2
Enable `phpdoc_add_missing_param_annotation` rule in php-cs-fixer config. ( #14681 ) [skip ci]
7 years ago
Robert Korulczyk
b99e955627
Fix CS ( #14665 )
...
* Run php-cs-fixer.
* Enable phpdoc_types rule.
7 years ago
Sam
0017d9c660
Fixes #13780 : Added support for trusted proxies in `yii\web\Request`
7 years ago
SilverFire - Dmitry Naumenko
368540f8d0
Added tests
7 years ago
Alexander Makarov
648971a82b
Fixes #14542 : Ensured only ASCII characters are in CSRF cookie value since binary data causes issues with ModSecurity and some browsers
7 years ago
Dmitry Dorogin
f7fb7cdd87
Fixes #14022 : Added posibility to use aliases in yii\web\UrlManager::setBaseUrl() ( #14540 )
7 years ago
Klimov Paul
578b2caf42
Added `yii\web\MultipartFormDataParser::$force` option allowing to enforce parsing even on 'POST' request
7 years ago
Dmitry Dorogin
6d2e0aff82
Fixes #14406 : Fixed caching rules in `yii\web\UrlManager` with different `ruleConfig` configuration
7 years ago
Carsten Brandt
69673c0c94
Rename Object -> BaseObject for PHP 7.2 compatibility
...
issue #7936
7 years ago
Alexander Makarov
d38908fc13
Fixed #14469 : updated RFC links
7 years ago
yyxx9988
46bf3c410a
Add `yii\web\Request::getOrigin()` method that returns HTTP_ORIGIN of current CORS request
...
>The Origin request header indicates where a fetch originates from. It doesn't include any path information, but only the server name. It is sent with CORS requests, as well as with POST requests. It is similar to the Referer header, but, unlike this header, it doesn't disclose the whole path.
From https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin
Working code samples
```php
<?php
// We'll be granting access to only the arunranga.com domain
// which we think is safe to access this resource as application/xml
if($_SERVER['HTTP_ORIGIN'] == "http://arunranga.com ") {
header('Access-Control-Allow-Origin: http://arunranga.com ');
header('Content-type: application/xml');
readfile('arunerDotNetResource.xml');
} else {
header('Content-Type: text/html');
echo "<html>";
echo "<head>";
echo " <title>Another Resource</title>";
echo "</head>";
echo "<body>",
"<p>This resource behaves two-fold:";
echo "<ul>",
"<li>If accessed from <code>http://arunranga.com </code> it returns an XML document</li>";
echo "<li>If accessed from any other origin including from simply typing in the URL into the browser's address bar,";
echo "you get this HTML document</li>",
"</ul>",
"</body>",
"</html>";
}
?>
```
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Server-Side_Access_Control for more info.
close #13835
7 years ago
Robert Korulczyk
12eb936083
Enable `heredoc_to_nowdoc` rule in php-cs-fixer ( #14419 )
7 years ago