Menu
Simple question, trying to enable remote access to gii in yii 2 - docs say http://www.yiiframework.com/doc-2.0/guide-start-gii.html
Note: If you are accessing Gii from a machine other than localhost, the access will be denied by default for security purpose. You can configure Gii to add the allowed IP addresses as follows,
'gii' => [
'class' => 'yii\gii\Module',
'allowedIPs' => ['127.0.0.1', '::1', '192.168.0.*', '192.168.178.20'] // adjust this to your needs
],
Thing is, it doesn't say where to add this - guesing config/web.php
But under what section?
490
Open up this url: http://localhost:8080/index.php?r=gii. Then, click the “Start” button under the “Model generator” header. Fill in the Table Name (“user”) and the Model Class (“MyUser”), click the “Preview” button and finally, click the “Generate” button.
Since the vulnerability still exists, those who use the Yii2 Gii Remote Code module need to check the following: Make sure that access to the developer’s platform is closed: There should be no alpha/beta or other versions, and the development environment should not be open to external access.
We can use Yii2's simple access control features to ensure that users register and sign in before adding and viewing status posts. Yii2 also offers more advanced (and complex) Role Based Access Control (RBAC) which we will not be implementing at this time.
GII is a YII module that generates code for CRUD operations. In YII 2 Framework, GII is accessible by the localhost by default, and the module is accessed in the browser. Xampp installed in your machine. If not, follow these steps to install it. This will come along with PhpMyAdmin which we will use to manage our database record.
Let’s get started. Yii2 Framework 2.0.35 You can find Gii at the addresses like: To successfully exploit the vulnerability, go to the Model Generator section. The application must have a database configured, otherwise the model cannot be generated. Also, you must specify the existing table name in the Table Name field.
2 places you need to add this.
Usually it is done like this in your main-local.php
if (!YII_ENV_TEST) {
$config['bootstrap'][] = 'gii';
$config['modules']['gii'] = [
'class' => 'yii\gii\Module',
];
}
So you need to add gii in the bootstrap section of the config and in the modules section. This will turn basically append them to the array from your config/main.php return [ 'id' => 'app-backend', 'basePath' => dirname(DIR), 'controllerNamespace' => 'backend\controllers', 'bootstrap' => ['log'], 'modules' => [ ], ],
On the link you gave, take a look above. You should do:
if (YII_ENV_DEV) {
$config['bootstrap'][] = 'gii';
$config['modules']['gii'] = [
'class' => 'yii\gii\Module',
'allowedIPs' => ['127.0.0.1', '::1', '192.168.0.*', '192.168.178.20'] // adjust this to your needs
];
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
