903 Commits

Author	SHA1	Message	Date
scottix	975937e531	Fix #18006: Allow SameSite cookie pre PHP 7.3	2020-05-01 13:28:23 +03:00
Brandon Kelly	13c14292c2	Fix #17948: Ignore errors caused by set_time_limit(0)	2020-04-05 11:55:26 +03:00
Alexander Makarov	fbd7eded2d	Bug #17933: Log warning instead of erroring when URLManager is unable to initialize cache	2020-03-26 23:21:35 +03:00
Brandon Kelly	f8d417c42a	Fixed usage of non-existing ResponseEvent in yii\web\Response docs (#17939)	2020-03-26 15:45:39 +03:00
Alexander Makarov	65e5640810	Fix #17932: Fix regression in detection of AJAX requests (#17937)	2020-03-26 12:30:56 +03:00
Igor Tarasov	7f88acb313	Fix #17878: Detect CORS AJAX requests without X-Requested-With in Request::getIsAjax()	2020-03-24 19:01:52 +03:00
Alex	4b6d3c0290	Fix #17929: Actions can now have bool typed params bound	2020-03-24 18:44:43 +03:00
Robert Korulczyk	ec089fea5a	Fix #16721: Use Instance::ensure() to initialize UrlManager::$cache	2020-02-23 16:02:27 +03:00
Yusup Hambali	55793471ea	Fix #17875: Revert move_uploaded_file() function instead of copy() and unlink() for saving uploaded files when POST request	2020-02-20 12:22:01 +03:00
Alexander Makarov	7ec7fd11ee	Fix #17878: Added note about fetch() to Request::getIsAjax() phpdoc [skip ci]	2020-02-20 01:10:59 +03:00
schevgeny	15d425a3e3	Fix #17843: Fix yii\web\Session::setCookieParamsInternal check param "samesite"	2020-02-03 13:52:46 +03:00
haveyaseen	82b7ecbdf3	Fix #17828: Fix yii\web\UploadedFile::saveAs() failing when error value in $_FILES entry is a string	2020-02-01 12:56:22 +03:00
Alexander Makarov	fd6ccb615c	release version 2.0.32	2020-01-22 01:29:38 +03:00
Alexander Makarov	706890a36e	Add "since" tags to UploadedFile [skip ci]	2020-01-22 01:01:16 +03:00
Ather Shu	038ce9f77e	Fix #17755: Fix a bug for web request with trustedHosts set to format ['10.0.0.1' => ['X-Forwarded-For']]	2020-01-15 15:51:57 +03:00
Yusup Hambali	cf0e56907f	Fix #17037, Fix #17729: Fix uploaded file saving for multipart forms, add path alias support for UploadFile::saveAs()	2020-01-15 00:57:45 +03:00
Somogyi Márton	5e71b11d8d	#17733: Additional fixes for #17665, Forwarded header parsing in Request ... - Remove header from secure headers - Regexp and return null fix - Fix tests, fix in array case sensitivity, rx duplicated group name - Simplify code - Add phpdoc Co-Authored-By: Alexander Makarov <sam@rmcreative.ru>	2019-12-17 21:53:55 +03:00
Mikk Tendermann	83055dcc33	Fix #17665: Implement RFC 7239 Forwarded header parsing in Request	2019-12-12 23:29:54 +03:00
Alexander Makarov	69b1966b4a	PHP 7.4 fixes ... - Fix `Model::activeAttributes()` to access array offset on value of non-string - Fix incorrect decoding of default binary value for PostgreSQL - Fix incorrect type-casting of reflection type to string	2019-12-10 15:08:45 +03:00
Bizley	1a8c83ba43	Fix #17694: Fixed Error Handler to clear registered view tags, scripts, and files when rendering error view through action view	2019-12-03 21:36:48 +03:00
Brandon Kelly	40797c1139	Fix #17701: Throw BadRequetHttpException when request params can’t be bound to bool, int, and float controller action arguments	2019-12-03 12:40:56 +03:00
Somogyi Márton	6c1b2db9de	Fix #17434: IE Ajax redirect fix for non 11.0 versions	2019-11-18 12:45:35 +03:00
AlexRas007	9c5cd51a3b	Fix #17632: Unicode file name was not correctly parsed in multipart forms	2019-11-05 14:42:22 +03:00
Alexandr Kozhevnikov	848ab0ce6e	Fix #17606: Fix error in AssetBundle when a disabled bundle with custom init() was still published	2019-10-13 19:50:27 +03:00
Somogyi Márton	9054cdfdcc	Fixes #17521: Request::getUserHost() and request::getUserIp() (#17593)	2019-10-05 22:33:29 +03:00
Somogyi Márton	c87855b31c	Fix #17573: Request::getUserIP() security fix for the case when Request::$trustedHost and Request::$ipHeaders are used	2019-10-03 14:56:20 +03:00
Alexandr Kozhevnikov	96cd8bcb68	Fix #16826: appendTimestamp support was added to View methods registerCssFile() and registerJsFile()	2019-09-17 14:07:15 +03:00
Somogyi Márton	c75ef05539	Fix #17434: Fix regular expression illegal character; Repeated fix for Internet Explorer 11 AJAX redirect bug in case of 301 and 302 response codes (XMLHttpRequest: Network Error 0x800c0008)	2019-09-10 13:52:08 +03:00
Alexander Makarov	aeff8466ff	Fix #17544: Removed incorrect statement about default value from Session::$gCProbability and its getter [skip ci]	2019-09-05 21:38:13 +03:00
Brandon Kelly	37df938338	Fix #16531: Fix error in Response::sendContent() when set_time_limit() is disabled	2019-09-03 19:40:44 +03:00
Somogyi Márton	10a069a3a4	Fix #17434: Fixed Internet Explorer 11 AJAX redirect bug in case of 301 and 302 response codes (XMLHttpRequest: Network Error 0x800c0008)	2019-09-03 17:54:14 +03:00
alex-code	378f9ad598	Fix #17424: Subdomain support for User::loginRequired	2019-07-18 11:46:05 +03:00
Konstantin	5c7db1690e	Add type null to @return annotation of findIdentityByAccessToken and findIdentity methods (#17430) [skip ci]	2019-07-12 14:15:24 +03:00
Alexander Makarov	f3d1534125	release version 2.0.21	2019-06-18 17:25:08 +03:00
Alexander Kartavenko	3601d512c2	Fixes #17070: Strip invalid character from fallback file name	2019-06-12 23:41:40 +03:00
rhertogh	1ed6ec1e5c	Fixes #17353: Added sameSite support for yii\web\Cookie and yii\web\Session::cookieParams	2019-06-11 00:33:36 +03:00
Alexander Makarov	ffe38a920f	release version 2.0.17	2019-03-23 00:26:26 +03:00
Brandon Kelly	55418776d4	Fixes #17215: Improved security for servers running PHP 7.0.0+	2019-03-20 14:38:12 +03:00
lubosdz	8bb334b9ae	Fixes #9438, #13740, #15037: Handle DB session callback custom fields before session closed	2019-03-09 15:54:39 +03:00
Nikolay Poryadin	fc98a95a90	Fixes #17185: Fixed AssetManager timestamp appending when a file is published manually	2019-03-05 18:11:27 +03:00
Mikk Tendermann	81f7d381e5	Fixes #17180: Do not populate yii\web\Response::$response when response code is 204	2019-03-05 12:34:40 +03:00
Pavel Dovlatov	bdb7c64910	Update to https protocol for php.net links (#17168) [skip ci] ... * Updated php.net link for some MemCache properties [skip ci] * Changed protocol to https for links to php.net in comments * Changed protocol to https for links to php.net in code * Changed www.php.net (http) to secure.php.net (https) in comments * Changed www.php.net (http) to secure.php.net (https) in code * Changed protocol to https for links to php.net in UPGRADE.md * Changed protocol to https for links to pecl.php.net in comments * Changed us.php.net to secure.php.net (https) in comments * Changed protocol to https for links to php.net in docs * Changed www.php.net (http) to secure.php.net (https) in docs * Changed protocol to https for links to pecl.php.net in docs * Changed ru/jp.php.net to secure.php.net (https) in docs Don't sure about russian guide: is this links meant to be for guide on russian, or not?	2019-02-28 13:09:27 +03:00
pdynarowski	c776cf6240	Update UrlManager.php (#17102) ... change >>'POST <controller:[\w-]+>s' => '<controller>/create'<< to >>'POST <controller:[\w-]+>' => '<controller>/create'<< In POST we don't have 's' so '<controller>/create but not '<controller>s/create	2019-02-05 23:08:32 +03:00
Nikolay	fd3eb699d4	Fixes #17094: Fixed response on 204 status. Now it is empty	2019-02-04 00:10:47 +03:00
Carsten Brandt	ed64d65886	release version 2.0.16	2019-01-31 00:54:16 +01:00
Carsten Brandt	1128a6d609	added missing documentation	2019-01-31 00:20:44 +01:00
SilverFire - Dmitry Naumenko	e4eaccc14d	Merge branch 'security'	2019-01-28 22:50:38 +02:00
Vladimir Votinov	3c091b802a	When uses filter \yii\filters\PageCache, then yii\web\JsonResponseFor… (#17044) ... * When uses filter \yii\filters\PageCache, then yii\web\JsonResponseFormatter sets Response::$content as null, howerer \yii\filter\PageCache has been restore content	2019-01-18 06:06:08 -05:00
SilverFire - Dmitry Naumenko	659b3d4b77	Fixing DB session override problems ... See #16959	2019-01-15 12:42:13 +02:00
Nikolay	a140b2b468	Fixes #16991: Removed usage of utf8_encode() from Request::resolvePathInfo()	2019-01-03 17:36:16 -05:00