A big problem I've hit with the Yii-Bootstrap extension is that all AJAX requests are initializing Bootstrap because of preload. This is a huge waste of resources, especially when using AJAX-based file uploaders that split the file into chunks. Large file uploads using that method could be initializing bootstrap hundreds of times.
I've seen lot of people struggling in finding a way to hide the script name when installing their Yii Application. In an Apache environment everything is well documented in this wiki article, but for those who are running their app on a Windows Server machine there are no hints.
Countries sometimes change their laws pertaining to time zones and daylight saving times. This means that GMT+2 can be a different time this August compared to last August! However, by using php's DateTime class (instead of timestamps), we can do both "format" and "time zone" conversions on a single DateTime object (only 2 lines of code) for date, time, timestamp and datetime types - while php takes care of nightmares such as current and historical time zones and daylight saving times.
If you are coming over to Yii 2 from Yii 1.x, you may have already read this useful wiki for creating dependent dropdowns.
You can use a similar approach in Yii 2 to do the same. But if you are looking at a prebuilt solution that helps you manage it easier, read along.
This article is called extended guide is because there is already a security guide in the Yii tutorial security section. but that guide is not complete in the sense that it does not rise the developers' attention to some other commonly happening attacks: SQL injection and magic URL, which can be major vulnerabilities in your application without much caring.
To extend the functionality of you web application relative to your requirements you are supposed to use existing yii core libraries or use external libraries. There are some steps to ensure security, uniqueness, modularity, performance and to avoid rework in future.