Commit
51c29e44
authored
Sep 15, 2013
by
Qiang Xue
renamed Request::csrfTokenName to csrfVar.
added version, csrfVar and csrfToken to yii js module.
parent
f5778b6b
Showing
4 changed files
with
35 additions
and
12 deletions
+35
-12
yii.js
framework/yii/assets/yii.js
+6
-0
HtmlBase.php
framework/yii/helpers/HtmlBase.php
+1
-1
Request.php
framework/yii/web/Request.php
+11
-11
YiiAsset.php
framework/yii/web/YiiAsset.php
+17
-0
framework/yii/assets/yii.js
...
...
@@ -43,7 +43,13 @@
*/
yii
=
(
function
(
$
)
{
var
pub
=
{
// version of Yii framework
version
:
'2.0'
,
// CSRF token name and value. If this is set and a form is created and submitted using JavaScript
// via POST, the CSRF token should be submitted too to pass CSRF validation.
csrfVar
:
undefined
,
csrfToken
:
undefined
,
initModule
:
function
(
module
)
{
if
(
module
.
isActive
===
undefined
||
module
.
isActive
)
{
if
(
$
.
isFunction
(
module
.
init
))
{
...
...
framework/yii/helpers/HtmlBase.php
...
...
@@ -238,7 +238,7 @@ class HtmlBase
$method
=
'post'
;
}
if
(
$request
->
enableCsrfValidation
)
{
$hiddenInputs
[]
=
static
::
hiddenInput
(
$request
->
csrf
TokenName
,
$request
->
getCsrfToken
());
$hiddenInputs
[]
=
static
::
hiddenInput
(
$request
->
csrf
Var
,
$request
->
getCsrfToken
());
}
}
...
...
framework/yii/web/Request.php
...
...
@@ -73,16 +73,16 @@ class Request extends \yii\base\Request
* from the same application. If not, a 400 HTTP exception will be raised.
*
* Note, this feature requires that the user client accepts cookie. Also, to use this feature,
* forms submitted via POST method must contain a hidden input whose name is specified by [[csrf
TokenName
]].
* forms submitted via POST method must contain a hidden input whose name is specified by [[csrf
Var
]].
* You may use [[\yii\web\Html::beginForm()]] to generate his hidden input.
* @see http://en.wikipedia.org/wiki/Cross-site_request_forgery
*/
public
$enableCsrfValidation
=
false
;
/**
* @var string the name of the token used to prevent CSRF. Defaults to '
YII_CSRF_TOKEN
'.
* This property is effectively only when
{@link enableCsrfValidation}
is true.
* @var string the name of the token used to prevent CSRF. Defaults to '
_csrf
'.
* This property is effectively only when
[[enableCsrfValidation]]
is true.
*/
public
$csrf
TokenName
=
'_csrf'
;
public
$csrf
Var
=
'_csrf'
;
/**
* @var array the configuration of the CSRF cookie. This property is used only when [[enableCsrfValidation]] is true.
* @see Cookie
...
...
@@ -975,7 +975,7 @@ class Request extends \yii\base\Request
public
function
getCsrfToken
()
{
if
(
$this
->
_csrfCookie
===
null
)
{
$this
->
_csrfCookie
=
$this
->
getCookies
()
->
get
(
$this
->
csrf
TokenName
);
$this
->
_csrfCookie
=
$this
->
getCookies
()
->
get
(
$this
->
csrf
Var
);
if
(
$this
->
_csrfCookie
===
null
)
{
$this
->
_csrfCookie
=
$this
->
createCsrfCookie
();
Yii
::
$app
->
getResponse
()
->
getCookies
()
->
add
(
$this
->
_csrfCookie
);
...
...
@@ -994,7 +994,7 @@ class Request extends \yii\base\Request
protected
function
createCsrfCookie
()
{
$options
=
$this
->
csrfCookie
;
$options
[
'name'
]
=
$this
->
csrf
TokenName
;
$options
[
'name'
]
=
$this
->
csrf
Var
;
$options
[
'value'
]
=
sha1
(
uniqid
(
mt_rand
(),
true
));
return
new
Cookie
(
$options
);
}
...
...
@@ -1015,19 +1015,19 @@ class Request extends \yii\base\Request
$cookies
=
$this
->
getCookies
();
switch
(
$method
)
{
case
'POST'
:
$token
=
$this
->
getPost
(
$this
->
csrf
TokenName
);
$token
=
$this
->
getPost
(
$this
->
csrf
Var
);
break
;
case
'PUT'
:
$token
=
$this
->
getPut
(
$this
->
csrf
TokenName
);
$token
=
$this
->
getPut
(
$this
->
csrf
Var
);
break
;
case
'PATCH'
:
$token
=
$this
->
getPatch
(
$this
->
csrf
TokenName
);
$token
=
$this
->
getPatch
(
$this
->
csrf
Var
);
break
;
case
'DELETE'
:
$token
=
$this
->
getDelete
(
$this
->
csrf
TokenName
);
$token
=
$this
->
getDelete
(
$this
->
csrf
Var
);
}
if
(
empty
(
$token
)
||
$cookies
->
getValue
(
$this
->
csrf
TokenName
)
!==
$token
)
{
if
(
empty
(
$token
)
||
$cookies
->
getValue
(
$this
->
csrf
Var
)
!==
$token
)
{
throw
new
HttpException
(
400
,
Yii
::
t
(
'yii'
,
'Unable to verify your data submission.'
));
}
}
...
...
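Review bot: `createCsrfCookie()` (third hunk, @@ -994) still builds the token as `sha1(uniqid(mt_rand(), true))`, which is derived from the clock and a non-cryptographic generator, so the value the CSRF check relies on being unguessable does not come from a secure random source. I would draw it from a CSPRNG instead, e.g. `$options['value'] = bin2hex(openssl_random_pseudo_bytes(20));` (or `random_bytes()` where the runtime provides it). In the validation hunk (@@ -1015) the renamed comparison `$cookies->getValue($this->csrfVar) !== $token` is not constant-time; `hash_equals()` on the two strings, kept behind the existing `empty($token)` guard and a null check on the cookie value, would be the safer form where the PHP version has it. The validation method starts outside its hunk and `getCsrfToken()` ends outside its hunk, so surrounding handling may exist that is not visible here.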
framework/yii/web/YiiAsset.php
...
...
@@ -7,6 +7,8 @@
namespace
yii\web
;
use
Yii
;
/**
* @author Qiang Xue <qiang.xue@gmail.com>
* @since 2.0
...
...
@@ -20,4 +22,19 @@ class YiiAsset extends AssetBundle
public
$depends
=
array
(
'yii\web\JqueryAsset'
,
);
/**
* @inheritdoc
*/
public
function
registerAssets
(
$view
)
{
parent
::
registerAssets
(
$view
);
$js
[]
=
"yii.version = '"
.
Yii
::
getVersion
()
.
"';"
;
$request
=
Yii
::
$app
->
getRequest
();
if
(
$request
instanceof
Request
&&
$request
->
enableCsrfValidation
)
{
$js
[]
=
"yii.csrfVar = '
{
$request
->
csrfVar
}
';"
;
$js
[]
=
"yii.csrfToken = '
{
$request
->
csrfToken
}
';"
;
}
$view
->
registerJs
(
implode
(
"
\n
"
,
$js
));
}
}
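Review bot: In `registerAssets()` the two new assignments for `yii.csrfVar` and `yii.csrfToken` interpolate `$request->csrfVar` and `$request->csrfToken` straight into a single-quoted JavaScript literal with no encoding. The token is read back from the request cookie in `Request::getCsrfToken()`, so unless cookie validation guarantees its format (not visible in this diff), a quote or a closing script tag in either value would terminate the literal in the registered script. Encoding for the JavaScript context removes the dependency on that assumption: `$js[] = 'yii.csrfToken = ' . json_encode($request->csrfToken) . ';';`, and the same for `csrfVar`. A one-line comment stating that both values are emitted into every page that registers this bundle would also help readers of the method.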