Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
Y
yii2
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
PSDI Army
yii2
Commits
86c191ba
Commit
86c191ba
authored
May 29, 2013
by
Qiang Xue
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'master' of github.com:yiisoft/yii2
parents
e2073612
9af5466b
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
92 additions
and
2 deletions
+92
-2
Html.php
framework/yii/helpers/base/Html.php
+2
-2
VerbFilter.php
framework/yii/web/VerbFilter.php
+90
-0
No files found.
framework/yii/helpers/base/Html.php
View file @
86c191ba
...
@@ -344,7 +344,7 @@ class Html
...
@@ -344,7 +344,7 @@ class Html
/**
/**
* Generates a hyperlink tag.
* Generates a hyperlink tag.
* @param string $text link body. It will NOT be HTML-encoded. Therefore you can pass in HTML code
* @param string $text link body. It will NOT be HTML-encoded. Therefore you can pass in HTML code
* such as an image tag. If this is
is
coming from end users, you should consider [[encode()]]
* such as an image tag. If this is coming from end users, you should consider [[encode()]]
* it to prevent XSS attacks.
* it to prevent XSS attacks.
* @param array|string|null $url the URL for the hyperlink tag. This parameter will be processed by [[url()]]
* @param array|string|null $url the URL for the hyperlink tag. This parameter will be processed by [[url()]]
* and will be used for the "href" attribute of the tag. If this parameter is null, the "href" attribute
* and will be used for the "href" attribute of the tag. If this parameter is null, the "href" attribute
...
@@ -366,7 +366,7 @@ class Html
...
@@ -366,7 +366,7 @@ class Html
/**
/**
* Generates a mailto hyperlink.
* Generates a mailto hyperlink.
* @param string $text link body. It will NOT be HTML-encoded. Therefore you can pass in HTML code
* @param string $text link body. It will NOT be HTML-encoded. Therefore you can pass in HTML code
* such as an image tag. If this is
is
coming from end users, you should consider [[encode()]]
* such as an image tag. If this is coming from end users, you should consider [[encode()]]
* it to prevent XSS attacks.
* it to prevent XSS attacks.
* @param string $email email address. If this is null, the first parameter (link body) will be treated
* @param string $email email address. If this is null, the first parameter (link body) will be treated
* as the email address and used.
* as the email address and used.
...
...
framework/yii/web/VerbFilter.php
0 → 100644
View file @
86c191ba
<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace
yii\web
;
use
Yii
;
use
yii\base\ActionEvent
;
use
yii\base\Behavior
;
use
yii\base\HttpException
;
/**
* VerbFilter is an action filter that filters by HTTP request methods.
*
* It allows to define allowed HTTP request methods for each action and will throw
* an HTTP 405 error when the method is not allowed.
*
* To use VerbFilter, declare it in the `behaviors()` method of your controller class.
* For example, the following declarations will define a typical set of allowed
* request methods for REST CRUD actions.
*
* ~~~
* public function behaviors()
* {
* return array(
* 'verbs' => array(
* 'class' => \yii\web\VerbFilter::className(),
* 'actions' => array(
* 'index' => array('get'),
* 'view' => array('get'),
* 'create' => array('get', 'post'),
* 'update' => array('get', 'put', 'post'),
* 'delete' => array('post', 'delete'),
* ),
* ),
* );
* }
* ~~~
*
* @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.7
* @author Carsten Brandt <mail@cebe.cc>
* @since 2.0
*/
class
VerbFilter
extends
Behavior
{
/**
* @var array this property defines the allowed request methods for each action.
* For each action that should only support limited set of request methods
* you add an entry with the action id as array key and an array of
* allowed methods (e.g. GET, HEAD, PUT) as the value.
* If an action is not listed all request methods are considered allowed.
*/
public
$actions
=
array
();
/**
* Declares event handlers for the [[owner]]'s events.
* @return array events (array keys) and the corresponding event handler methods (array values).
*/
public
function
events
()
{
return
array
(
Controller
::
EVENT_BEFORE_ACTION
=>
'beforeAction'
,
);
}
/**
* @param ActionEvent $event
* @return boolean
* @throws \yii\base\HttpException when the request method is not allowed.
*/
public
function
beforeAction
(
$event
)
{
$action
=
$event
->
action
->
id
;
if
(
isset
(
$this
->
actions
[
$action
]))
{
$verb
=
Yii
::
$app
->
getRequest
()
->
getRequestMethod
();
$allowed
=
array_map
(
'strtoupper'
,
$this
->
actions
[
$action
]);
if
(
!
in_array
(
$verb
,
$allowed
))
{
$event
->
isValid
=
false
;
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.7
header
(
'Allow: '
.
implode
(
', '
,
$allowed
));
throw
new
HttpException
(
405
,
'Method Not Allowed. This url can only handle the following request methods: '
.
implode
(
', '
,
$allowed
));
}
}
return
$event
->
isValid
;
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment