Skip to content

Y
yii2
Commit 80d69a65 by Qiang Xue
Options

Renamed csrfParam back to csrfVar for consistency.

parent e44c3288
Showing with 14 additions and 14 deletions
framework/assets/yii.js
...@@ -60,7 +60,7 @@ yii = (function ($) { ...@@ -60,7 +60,7 @@ yii = (function ($) {
/** /**
* @return string|undefined the CSRF variable name. Undefined is returned if CSRF validation is not enabled. * @return string|undefined the CSRF variable name. Undefined is returned if CSRF validation is not enabled.
*/ */
getCsrfParam: function () { getCsrfVar: function () {
return $('meta[name=csrf-param]').prop('content'); return $('meta[name=csrf-param]').prop('content');
}, },
...@@ -130,9 +130,9 @@ yii = (function ($) { ...@@ -130,9 +130,9 @@ yii = (function ($) {
if (!method.match(/(get|post)/i)) { if (!method.match(/(get|post)/i)) {
$form.append('<input name="_method" value="' + method + '" type="hidden">'); $form.append('<input name="_method" value="' + method + '" type="hidden">');
} }
var csrfParam = pub.getCsrfParam(); var csrfVar = pub.getCsrfVar();
if (csrfParam) { if (csrfVar) {
$form.append('<input name="' + csrfParam + '" value="' + pub.getCsrfToken() + '" type="hidden">'); $form.append('<input name="' + csrfVar + '" value="' + pub.getCsrfToken() + '" type="hidden">');
} }
$form.hide().appendTo('body'); $form.hide().appendTo('body');
} }
...@@ -199,7 +199,7 @@ yii = (function ($) { ...@@ -199,7 +199,7 @@ yii = (function ($) {
function initCsrfHandler() { function initCsrfHandler() {
// automatically send CSRF token for all AJAX requests // automatically send CSRF token for all AJAX requests
$.ajaxPrefilter(function (options, originalOptions, xhr) { $.ajaxPrefilter(function (options, originalOptions, xhr) {
if (!options.crossDomain && pub.getCsrfParam()) { if (!options.crossDomain && pub.getCsrfVar()) {
xhr.setRequestHeader('X-CSRF-Token', pub.getCsrfToken()); xhr.setRequestHeader('X-CSRF-Token', pub.getCsrfToken());
} }
}); });
......
framework/helpers/BaseHtml.php
...@@ -244,7 +244,7 @@ class BaseHtml ...@@ -244,7 +244,7 @@ class BaseHtml
$method = 'post'; $method = 'post';
} }
if ($request->enableCsrfValidation && !strcasecmp($method, 'post')) { if ($request->enableCsrfValidation && !strcasecmp($method, 'post')) {
$hiddenInputs[] = static::hiddenInput($request->csrfParam, $request->getCsrfToken()); $hiddenInputs[] = static::hiddenInput($request->csrfVar, $request->getCsrfToken());
} }
} }
......
framework/web/Request.php
...@@ -95,10 +95,10 @@ class Request extends \yii\base\Request ...@@ -95,10 +95,10 @@ class Request extends \yii\base\Request
* from the same application. If not, a 400 HTTP exception will be raised. * from the same application. If not, a 400 HTTP exception will be raised.
* *
* Note, this feature requires that the user client accepts cookie. Also, to use this feature, * Note, this feature requires that the user client accepts cookie. Also, to use this feature,
* forms submitted via POST method must contain a hidden input whose name is specified by [[csrfParam]]. * forms submitted via POST method must contain a hidden input whose name is specified by [[csrfVar]].
* You may use [[\yii\web\Html::beginForm()]] to generate his hidden input. * You may use [[\yii\web\Html::beginForm()]] to generate his hidden input.
* *
* In JavaScript, you may get the values of [[csrfParam]] and [[csrfToken]] via `yii.getCsrfParam()` and * In JavaScript, you may get the values of [[csrfVar]] and [[csrfToken]] via `yii.getCsrfParam()` and
* `yii.getCsrfToken()`, respectively. The [[\yii\web\YiiAsset]] asset must be registered. * `yii.getCsrfToken()`, respectively. The [[\yii\web\YiiAsset]] asset must be registered.
* *
* @see Controller::enableCsrfValidation * @see Controller::enableCsrfValidation
...@@ -109,7 +109,7 @@ class Request extends \yii\base\Request ...@@ -109,7 +109,7 @@ class Request extends \yii\base\Request
* @var string the name of the token used to prevent CSRF. Defaults to '_csrf'. * @var string the name of the token used to prevent CSRF. Defaults to '_csrf'.
* This property is used only when [[enableCsrfValidation]] is true. * This property is used only when [[enableCsrfValidation]] is true.
*/ */
public $csrfParam = '_csrf'; public $csrfVar = '_csrf';
/** /**
* @var array the configuration of the CSRF cookie. This property is used only when [[enableCsrfValidation]] is true. * @var array the configuration of the CSRF cookie. This property is used only when [[enableCsrfValidation]] is true.
* @see Cookie * @see Cookie
...@@ -1103,7 +1103,7 @@ class Request extends \yii\base\Request ...@@ -1103,7 +1103,7 @@ class Request extends \yii\base\Request
public function getRawCsrfToken() public function getRawCsrfToken()
{ {
if ($this->_csrfCookie === null) { if ($this->_csrfCookie === null) {
$this->_csrfCookie = $this->getCookies()->get($this->csrfParam); $this->_csrfCookie = $this->getCookies()->get($this->csrfVar);
if ($this->_csrfCookie === null) { if ($this->_csrfCookie === null) {
$this->_csrfCookie = $this->createCsrfCookie(); $this->_csrfCookie = $this->createCsrfCookie();
Yii::$app->getResponse()->getCookies()->add($this->_csrfCookie); Yii::$app->getResponse()->getCookies()->add($this->_csrfCookie);
...@@ -1175,7 +1175,7 @@ class Request extends \yii\base\Request ...@@ -1175,7 +1175,7 @@ class Request extends \yii\base\Request
protected function createCsrfCookie() protected function createCsrfCookie()
{ {
$options = $this->csrfCookie; $options = $this->csrfCookie;
$options['name'] = $this->csrfParam; $options['name'] = $this->csrfVar;
$options['value'] = Security::generateRandomKey(); $options['value'] = Security::generateRandomKey();
return new Cookie($options); return new Cookie($options);
} }
...@@ -1194,8 +1194,8 @@ class Request extends \yii\base\Request ...@@ -1194,8 +1194,8 @@ class Request extends \yii\base\Request
if (!$this->enableCsrfValidation || in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) { if (!$this->enableCsrfValidation || in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
return true; return true;
} }
$trueToken = $this->getCookies()->getValue($this->csrfParam); $trueToken = $this->getCookies()->getValue($this->csrfVar);
$token = $this->getBodyParam($this->csrfParam); $token = $this->getBodyParam($this->csrfVar);
return $this->validateCsrfTokenInternal($token, $trueToken) return $this->validateCsrfTokenInternal($token, $trueToken)
|| $this->validateCsrfTokenInternal($this->getCsrfTokenFromHeader(), $trueToken); || $this->validateCsrfTokenInternal($this->getCsrfTokenFromHeader(), $trueToken);
} }
......
framework/web/View.php
...@@ -454,7 +454,7 @@ class View extends \yii\base\View ...@@ -454,7 +454,7 @@ class View extends \yii\base\View
$request = Yii::$app->getRequest(); $request = Yii::$app->getRequest();
if ($request instanceof \yii\web\Request && $request->enableCsrfValidation && !$request->getIsAjax()) { if ($request instanceof \yii\web\Request && $request->enableCsrfValidation && !$request->getIsAjax()) {
$lines[] = Html::tag('meta', '', ['name' => 'csrf-param', 'content' => $request->csrfParam]); $lines[] = Html::tag('meta', '', ['name' => 'csrf-param', 'content' => $request->csrfVar]);
$lines[] = Html::tag('meta', '', ['name' => 'csrf-token', 'content' => $request->getCsrfToken()]); $lines[] = Html::tag('meta', '', ['name' => 'csrf-token', 'content' => $request->getCsrfToken()]);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment