Reverted changes unrelated to issue #2325

75ae3db9 · pzaremba · 9b96338a · 75ae3db9 · 75ae3db9
Commit 75ae3db9 authored Feb 05, 2014 by pzaremba
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 4 deletions

CHANGELOG.md framework/CHANGELOG.md +1 -1

Request.php framework/web/Request.php +7 -3

No files found.
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -4,7 +4,6 @@ Yii Framework 2 Change Log
 2.0.0 beta under development
 ----------------------------

- Enh: Adding support for the `X-HTTP-Method-Override` header in `yii\web\Request::getMethod()`.
 - Bug #1265: AssetController does not override 'js' and 'css' for compressed bundles (klimov-paul)
 - Bug #1326: The `visible` setting for `DetailView` doesn't work as expected (qiangxue)
 - Bug #1412: `FileValidator` and `ImageValidator` still trigger `uploadRequired` error in some case when `skipOnEmpty` is true and no upload is provided (qiangxue)
@@ -121,6 +120,7 @@ Yii Framework 2 Change Log
 - Enh: Improved `QueryBuilder::buildLimit()` to support big numbers (qiangxue)
 - Enh:#2211: Added typecast database types into php types (dizews)
 - Enh #2240: Improved `yii\web\AssetManager::publish()`, `yii\web\AssetManager::getPublishedPath()` and `yii\web\AssetManager::getPublishedUrl()` to support aliases (vova07)
+- Enh #2325: Adding support for the `X-HTTP-Method-Override` header in `yii\web\Request::getMethod()` (pawzar)
 - Chg #1519: `yii\web\User::loginRequired()` now returns the `Response` object instead of exiting the application (qiangxue)
 - Chg #1586: `QueryBuilder::buildLikeCondition()` will now escape special characters and use percentage characters by default (qiangxue)
 - Chg #1610: `Html::activeCheckboxList()` and `Html::activeRadioList()` will submit an empty string if no checkbox/radio is selected (qiangxue)

--- a/framework/web/Request.php
+++ b/framework/web/Request.php
@@ -79,7 +79,6 @@ use yii\helpers\StringHelper;
 */
 class Request extends \yii\base\Request
 {
-
 	/**
 	 * The name of the HTTP header for sending CSRF token.
 	 */
@@ -89,6 +88,7 @@ class Request extends \yii\base\Request
 	 */
 	const CSRF_MASK_LENGTH = 8;

+
 	/**
 	 * @var boolean whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true.
 	 * When CSRF validation is enabled, forms submitted to an Yii Web application must be originated
@@ -146,7 +146,9 @@ class Request extends \yii\base\Request
 	 * @see getBodyParams()
 	 */
 	public $parsers = [];
+
 	private $_cookies;
+
 	/**
 	 * @var array the headers in this collection (indexed by the header names)
 	 */
@@ -748,7 +750,8 @@ class Request extends \yii\base\Request
 	 */
 	public function getIsSecureConnection()
 	{
-		return isset($_SERVER['HTTPS']) && (strcasecmp($_SERVER['HTTPS'], 'on') === 0 || $_SERVER['HTTPS'] == 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;
+		return isset($_SERVER['HTTPS']) && (strcasecmp($_SERVER['HTTPS'], 'on') === 0 || $_SERVER['HTTPS'] == 1)
+			|| isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;
 	}

 	/**
@@ -1194,7 +1197,8 @@ class Request extends \yii\base\Request
 		}
 		$trueToken = $this->getCookies()->getValue($this->csrfVar);
 		$token = $this->getBodyParam($this->csrfVar);
-		return $this->validateCsrfTokenInternal($token, $trueToken) || $this->validateCsrfTokenInternal($this->getCsrfTokenFromHeader(), $trueToken);
+		return $this->validateCsrfTokenInternal($token, $trueToken)
+			|| $this->validateCsrfTokenInternal($this->getCsrfTokenFromHeader(), $trueToken);
 	}

 	private function validateCsrfTokenInternal($token, $trueToken)