isPostRequest in Yii

vjbill · June 16, 2010, 12:10pm

Hello,

I’ve stumbled upon another problem. My project has a system for user account management and one action available to a user and an admin is ‘delete’. Now I can’t get past the isPostRequest check inside the action. It’s in the controller generated by Gii. When I call the ‘delete’ action from the user menu (e.g. UserController/DeleteAction), it isn’t recognised as a POST request.

Another thing that puzzles me is the URL in the admin view (which uses CGridView to view all users in the system, and View/Update/Delete buttons). The URL finishes with ‘/delete&id=1’. I noticed that in the Blog demo, the similar URL finishes with ‘delete?id=1’ (and the POST check condition returns true there)… Can the URL have any influence?

Thanks for your help,

With kind regards,

Bill

lenye · June 16, 2010, 1:05pm

I think you may find the style of "delete?id=1" is not secure.

we can control the role’s privilige through CDbAuthManager.

vjbill · June 16, 2010, 1:15pm

Hi lenye,

Yeah, that’s another thing that you can see the id in the URL. But my main problem is why doesn’t a URL in the ‘?key=value’ style pass the isPostRequest check… What are the prerequisites so that Yii identifies a URL as a POST request?

A sample code I’m using in my actionDelete method in the User controller:


		if(Yii::app()->request->isPostRequest)

		{

			if(isset($_GET['ajax']))

				$this->redirect(array('index')); 

		}

		else

			$this->renderText('not');

So after deleting a user through the admin CGridView widget I should be redirected to the ‘index’ view. That doesn’t happen…

Thanks for your help,

With kind regards,

Bill

sandaliasha · March 17, 2011, 12:00am

I have the same problem!!!

zaccaria · March 17, 2011, 7:58am

A post request is recongnised as post if it post data.

The CGridView uses a tick, it has the url like a get request, but via ajax it fires a post request with the same url:




$.fn.yiiGridView.update('buy-grid', {

   type:'POST',

   url:$(this).attr('href'),

   success:function(data) {

     $.fn.yiiGridView.update('buy-grid');

     afterDelete(th,true,data);

   },

   error:function() {

     afterDelete(th,false);

   }

 });

As the ajax request uses post, the request is recognised as a post request.

harmar · July 17, 2012, 8:03pm

What, and you think a post request is secure?? Um… ok.

rtwent · December 31, 2013, 8:16pm

Hi.

I had such problem too.

Error was in javascript, see yiiframework.com/forum/index.php/topic/9387-cgridview-update/
Second with a help of .htaccess (easiest and fastest way) I decided trailing slash problem by this:

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_URI} !(.*)/$

RewriteRule ^(.*)$ ht tp://localhost/$1/ [L,R=301]

… This was the second error, because my script begun to work after permanent 301 redirect. So, Yii::app()->request->isPostRequest was set to FALSE.

Best regards to YII developers, they think about our safety