Commit 75ae3db9 by pzaremba

Reverted changes unrelated to issue #2325

parent 9b96338a
...@@ -4,7 +4,6 @@ Yii Framework 2 Change Log ...@@ -4,7 +4,6 @@ Yii Framework 2 Change Log
2.0.0 beta under development 2.0.0 beta under development
---------------------------- ----------------------------
- Enh: Adding support for the `X-HTTP-Method-Override` header in `yii\web\Request::getMethod()`.
- Bug #1265: AssetController does not override 'js' and 'css' for compressed bundles (klimov-paul) - Bug #1265: AssetController does not override 'js' and 'css' for compressed bundles (klimov-paul)
- Bug #1326: The `visible` setting for `DetailView` doesn't work as expected (qiangxue) - Bug #1326: The `visible` setting for `DetailView` doesn't work as expected (qiangxue)
- Bug #1412: `FileValidator` and `ImageValidator` still trigger `uploadRequired` error in some case when `skipOnEmpty` is true and no upload is provided (qiangxue) - Bug #1412: `FileValidator` and `ImageValidator` still trigger `uploadRequired` error in some case when `skipOnEmpty` is true and no upload is provided (qiangxue)
...@@ -121,6 +120,7 @@ Yii Framework 2 Change Log ...@@ -121,6 +120,7 @@ Yii Framework 2 Change Log
- Enh: Improved `QueryBuilder::buildLimit()` to support big numbers (qiangxue) - Enh: Improved `QueryBuilder::buildLimit()` to support big numbers (qiangxue)
- Enh:#2211: Added typecast database types into php types (dizews) - Enh:#2211: Added typecast database types into php types (dizews)
- Enh #2240: Improved `yii\web\AssetManager::publish()`, `yii\web\AssetManager::getPublishedPath()` and `yii\web\AssetManager::getPublishedUrl()` to support aliases (vova07) - Enh #2240: Improved `yii\web\AssetManager::publish()`, `yii\web\AssetManager::getPublishedPath()` and `yii\web\AssetManager::getPublishedUrl()` to support aliases (vova07)
- Enh #2325: Adding support for the `X-HTTP-Method-Override` header in `yii\web\Request::getMethod()` (pawzar)
- Chg #1519: `yii\web\User::loginRequired()` now returns the `Response` object instead of exiting the application (qiangxue) - Chg #1519: `yii\web\User::loginRequired()` now returns the `Response` object instead of exiting the application (qiangxue)
- Chg #1586: `QueryBuilder::buildLikeCondition()` will now escape special characters and use percentage characters by default (qiangxue) - Chg #1586: `QueryBuilder::buildLikeCondition()` will now escape special characters and use percentage characters by default (qiangxue)
- Chg #1610: `Html::activeCheckboxList()` and `Html::activeRadioList()` will submit an empty string if no checkbox/radio is selected (qiangxue) - Chg #1610: `Html::activeCheckboxList()` and `Html::activeRadioList()` will submit an empty string if no checkbox/radio is selected (qiangxue)
......
...@@ -79,7 +79,6 @@ use yii\helpers\StringHelper; ...@@ -79,7 +79,6 @@ use yii\helpers\StringHelper;
*/ */
class Request extends \yii\base\Request class Request extends \yii\base\Request
{ {
/** /**
* The name of the HTTP header for sending CSRF token. * The name of the HTTP header for sending CSRF token.
*/ */
...@@ -89,6 +88,7 @@ class Request extends \yii\base\Request ...@@ -89,6 +88,7 @@ class Request extends \yii\base\Request
*/ */
const CSRF_MASK_LENGTH = 8; const CSRF_MASK_LENGTH = 8;
/** /**
* @var boolean whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true. * @var boolean whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true.
* When CSRF validation is enabled, forms submitted to an Yii Web application must be originated * When CSRF validation is enabled, forms submitted to an Yii Web application must be originated
...@@ -146,7 +146,9 @@ class Request extends \yii\base\Request ...@@ -146,7 +146,9 @@ class Request extends \yii\base\Request
* @see getBodyParams() * @see getBodyParams()
*/ */
public $parsers = []; public $parsers = [];
private $_cookies; private $_cookies;
/** /**
* @var array the headers in this collection (indexed by the header names) * @var array the headers in this collection (indexed by the header names)
*/ */
...@@ -748,7 +750,8 @@ class Request extends \yii\base\Request ...@@ -748,7 +750,8 @@ class Request extends \yii\base\Request
*/ */
public function getIsSecureConnection() public function getIsSecureConnection()
{ {
return isset($_SERVER['HTTPS']) && (strcasecmp($_SERVER['HTTPS'], 'on') === 0 || $_SERVER['HTTPS'] == 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0; return isset($_SERVER['HTTPS']) && (strcasecmp($_SERVER['HTTPS'], 'on') === 0 || $_SERVER['HTTPS'] == 1)
|| isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;
} }
/** /**
...@@ -1194,7 +1197,8 @@ class Request extends \yii\base\Request ...@@ -1194,7 +1197,8 @@ class Request extends \yii\base\Request
} }
$trueToken = $this->getCookies()->getValue($this->csrfVar); $trueToken = $this->getCookies()->getValue($this->csrfVar);
$token = $this->getBodyParam($this->csrfVar); $token = $this->getBodyParam($this->csrfVar);
return $this->validateCsrfTokenInternal($token, $trueToken) || $this->validateCsrfTokenInternal($this->getCsrfTokenFromHeader(), $trueToken); return $this->validateCsrfTokenInternal($token, $trueToken)
|| $this->validateCsrfTokenInternal($this->getCsrfTokenFromHeader(), $trueToken);
} }
private function validateCsrfTokenInternal($token, $trueToken) private function validateCsrfTokenInternal($token, $trueToken)
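Review bot: The rewrapped return in `getIsSecureConnection()` still accepts `$_SERVER['HTTP_X_FORWARDED_PROTO']` from any request, and nothing visible checks that the request arrived through a trusted reverse proxy. Unless a proxy in front of the application always overwrites that header, a client can set it itself, and any logic keyed on this method (secure-cookie flags, HTTPS-only redirects) would treat a plain-HTTP request as secure. Since this commit already touches the line, I would at least record the assumption above the second operand, e.g. `// X-Forwarded-Proto is only meaningful when a trusted proxy sets it; it is client-controllable otherwise`, and consider gating the header on a configured list of proxy addresses. The first operand's `$_SERVER['HTTPS'] == 1` is a loose comparison; an explicit string comparison would read more clearly. The method's docblock begins outside the hunk, so this is based only on the return statement shown.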
......