Commit Graph

887 Commits

Author SHA1 Message Date
Somogyi Márton
5e71b11d8d #17733: Additional fixes for #17665, Forwarded header parsing in Request
- Remove header from secure headers
- Regexp and return null fix
- Fix tests, fix in array case sensitivity, rx duplicated group name
- Simplify code
- Add phpdoc

Co-Authored-By: Alexander Makarov <sam@rmcreative.ru>
2019-12-17 21:53:55 +03:00
Mikk Tendermann
83055dcc33 Fix #17665: Implement RFC 7239 Forwarded header parsing in Request 2019-12-12 23:29:54 +03:00
Alexander Makarov
69b1966b4a PHP 7.4 fixes
- Fix `Model::activeAttributes()` to access array offset on value of non-string
- Fix incorrect decoding of default binary value for PostgreSQL
- Fix incorrect type-casting of reflection type to string
2019-12-10 15:08:45 +03:00
Bizley
1a8c83ba43 Fix #17694: Fixed Error Handler to clear registered view tags, scripts, and files when rendering error view through action view 2019-12-03 21:36:48 +03:00
Brandon Kelly
40797c1139 Fix #17701: Throw BadRequestHttpException when request params can’t be bound to bool, int, and float controller action arguments 2019-12-03 12:40:56 +03:00
Somogyi Márton
6c1b2db9de Fix #17434: IE Ajax redirect fix for non 11.0 versions 2019-11-18 12:45:35 +03:00
AlexRas007
9c5cd51a3b Fix #17632: Unicode file name was not correctly parsed in multipart forms 2019-11-05 14:42:22 +03:00
Alexandr Kozhevnikov
848ab0ce6e Fix #17606: Fix error in AssetBundle when a disabled bundle with custom init() was still published 2019-10-13 19:50:27 +03:00
Somogyi Márton
9054cdfdcc Fixes #17521: Request::getUserHost() and request::getUserIp() (#17593) 2019-10-05 22:33:29 +03:00
Somogyi Márton
c87855b31c Fix #17573: Request::getUserIP() security fix for the case when Request::$trustedHost and Request::$ipHeaders are used 2019-10-03 14:56:20 +03:00
Alexandr Kozhevnikov
96cd8bcb68 Fix #16826: appendTimestamp support was added to View methods registerCssFile() and registerJsFile() 2019-09-17 14:07:15 +03:00
Somogyi Márton
c75ef05539 Fix #17434: Fix regular expression illegal character; Repeated fix for Internet Explorer 11 AJAX redirect bug in case of 301 and 302 response codes (XMLHttpRequest: Network Error 0x800c0008) 2019-09-10 13:52:08 +03:00
Alexander Makarov
aeff8466ff Fix #17544: Removed incorrect statement about default value from Session::$gCProbability and its getter [skip ci] 2019-09-05 21:38:13 +03:00
Brandon Kelly
37df938338 Fix #16531: Fix error in Response::sendContent() when set_time_limit() is disabled 2019-09-03 19:40:44 +03:00
Somogyi Márton
10a069a3a4 Fix #17434: Fixed Internet Explorer 11 AJAX redirect bug in case of 301 and 302 response codes (XMLHttpRequest: Network Error 0x800c0008) 2019-09-03 17:54:14 +03:00
alex-code
378f9ad598 Fix #17424: Subdomain support for User::loginRequired 2019-07-18 11:46:05 +03:00
Konstantin
5c7db1690e Add type null to @return annotation of findIdentityByAccessToken and findIdentity methods (#17430) [skip ci] 2019-07-12 14:15:24 +03:00
Alexander Makarov
f3d1534125 release version 2.0.21 2019-06-18 17:25:08 +03:00
Alexander Kartavenko
3601d512c2 Fixes #17070: Strip invalid character from fallback file name 2019-06-12 23:41:40 +03:00
rhertogh
1ed6ec1e5c Fixes #17353: Added sameSite support for yii\web\Cookie and yii\web\Session::cookieParams 2019-06-11 00:33:36 +03:00
Alexander Makarov
ffe38a920f release version 2.0.17 2019-03-23 00:26:26 +03:00
Brandon Kelly
55418776d4 Fixes #17215: Improved security for servers running PHP 7.0.0+ 2019-03-20 14:38:12 +03:00
lubosdz
8bb334b9ae Fixes #9438, #13740, #15037: Handle DB session callback custom fields before session closed 2019-03-09 15:54:39 +03:00
Nikolay Poryadin
fc98a95a90 Fixes #17185: Fixed AssetManager timestamp appending when a file is published manually 2019-03-05 18:11:27 +03:00
Mikk Tendermann
81f7d381e5 Fixes #17180: Do not populate yii\web\Response::$response when response code is 204 2019-03-05 12:34:40 +03:00
Pavel Dovlatov
bdb7c64910 Update to https protocol for php.net links (#17168) [skip ci]
* Updated php.net link for some MemCache properties [skip ci]

* Changed protocol to https for links to php.net in comments

* Changed protocol to https for links to php.net in code

* Changed www.php.net (http) to secure.php.net (https) in comments

* Changed www.php.net (http) to secure.php.net (https) in code

* Changed protocol to https for links to php.net in UPGRADE.md

* Changed protocol to https for links to pecl.php.net in comments

* Changed us.php.net to secure.php.net (https) in comments

* Changed protocol to https for links to php.net in docs

* Changed www.php.net (http) to secure.php.net (https) in docs

* Changed protocol to https for links to pecl.php.net in docs

* Changed ru/jp.php.net to secure.php.net (https) in docs

Not sure about the Russian guide: are these links meant to be for the guide in Russian, or not?
2019-02-28 13:09:27 +03:00
pdynarowski
c776cf6240 Update UrlManager.php (#17102)
change >>'POST <controller:[\w-]+>s' => '<controller>/create'<< to >>'POST <controller:[\w-]+>' => '<controller>/create'<<
In POST we don't have 's', so '<controller>/create' but not '<controller>s/create'
2019-02-05 23:08:32 +03:00
Nikolay
fd3eb699d4 Fixes #17094: Fixed response on 204 status. Now it is empty 2019-02-04 00:10:47 +03:00
Carsten Brandt
ed64d65886 release version 2.0.16 2019-01-31 00:54:16 +01:00
Carsten Brandt
1128a6d609 added missing documentation 2019-01-31 00:20:44 +01:00
SilverFire - Dmitry Naumenko
e4eaccc14d Merge branch 'security' 2019-01-28 22:50:38 +02:00
Vladimir Votinov
3c091b802a When uses filter \yii\filters\PageCache, then yii\web\JsonResponseFor… (#17044)
* When uses filter \yii\filters\PageCache, then yii\web\JsonResponseFormatter sets Response::$content as null, however \yii\filter\PageCache has been restore content
2019-01-18 06:06:08 -05:00
SilverFire - Dmitry Naumenko
659b3d4b77 Fixing DB session override problems
See #16959
2019-01-15 12:42:13 +02:00
Nikolay
a140b2b468 Fixes #16991: Removed usage of utf8_encode() from Request::resolvePathInfo() 2019-01-03 17:36:16 -05:00
Andrew
572e5f6655 Fixes #15850: check basePath is writable on publish in AssetManager 2018-12-16 01:54:00 +03:00
Andrew
3221ab0769 Fix #15683: Fix file as array uploading in MultipartFormDataParser (#16950) 2018-12-10 11:49:36 +03:00
SilverFire - Dmitry Naumenko
8c72db9b48 Enhanced PHPDocs for IdentityInterface::getAuthKey() 2018-11-25 11:55:49 +02:00
SilverFire - Dmitry Naumenko
1e13bfd13d Fixed CSRF token check bypassing in Request::getMethod() 2018-11-23 12:55:16 +02:00
Carsten Brandt
c82aedb86d add a comment to explain why Url::to() is called in Controller::redirect()
close #16887
2018-11-14 15:56:03 +01:00
Bizley
ab39246ab5 Fixes #16101: Fixed Error Handler to clear registered meta tags, link tags, css/js scripts and files in error view 2018-10-27 20:27:58 +03:00
Alexandr Ivanov
0ad5afd387 Fixes #14759: Fixed yii\web\JsonResponseFormatter output for null data 2018-10-07 16:26:59 +03:00
Alexander Makarov
15dfbb0875 Fixes #16322: Fixed strings were not compared using timing attack resistant approach while CSRF token validation 2018-05-30 22:48:07 +03:00
Rustam Mamadaminov
0d87c339f2 dropped deprecated exception (#16328) 2018-05-30 00:13:31 +03:00
Viktor
0b61f9ba3b Fixes #16301: Fixed yii\web\User::setIdentity() to clear access check cache while setting identity object to null 2018-05-21 22:19:49 +05:00
Vladimir Reznichenko
6dd2aec011 [minor]: SCA (#16269)
* Php Inspections (EA Ultimate): minor code tweaks

* Php Inspections (EA Ultimate): code style

* Php Inspections (EA Ultimate): code style

* Php Inspections (EA Ultimate): code style
2018-05-14 12:00:01 +03:00
Ondřej Vašíček
ff83a13d57 Fixes #16068: Fixed yii\web\CookieCollection::has when an expiration param is set to 'until the browser is closed' 2018-04-30 13:07:36 +03:00
Konstantin
e2627d19fd Adjusted UploadedFile::getInstance() phpdoc [skip ci] 2018-04-24 15:53:52 +03:00
pgaultier
35ac718110 Fixes #16006: Handle case when X-Forwarded-Host header has multiple hosts separated with a comma 2018-03-31 16:17:16 +03:00
Vladimir Reznichenko
1a74b3d4f8 [minor] SCA with Php Inspections (EA Ultimate) (#15871)
* Php Inspections (EA Ultimate): use type casting where applicable

* Php Inspections (EA Ultimate): use constants where applicable

* Php Inspections (EA Ultimate): CS

* Php Inspections (EA Ultimate): address some of one-time used variables

* Php Inspections (EA Ultimate): address some of performance-related findings

* Php Inspections (EA Ultimate): address some of performance-related findings

* Php Inspections (EA Ultimate): revert a constant usage

* Php Inspections (EA Ultimate): revert sequential assignments

* Php Inspections (EA Ultimate): build is green again

* Php Inspections (EA Ultimate): revert array_merge tweaks

* Php Inspections (EA Ultimate): revert BC-incompatible one-time used variable tweak

* Update description [skip ci]

* Php Inspections (EA Ultimate): CS
2018-03-12 01:37:19 +03:00
Dmitry Naumenko
5e16c67673 Merge pull request #15797 from kalessil/master
[minor] Static code analysis
2018-03-10 15:42:48 +02:00