Enhanced 9f499eb: yii\web\User::checkRedirectAcceptable() removed c…

…heck for "*" type (invalid in accept header)
seraph526 · May 15, 2016 · 0ff6eeb · 0ff6eeb
1 parent b976f63
commit 0ff6eeb
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 8 deletions.
diff --git a/framework/web/User.php b/framework/web/User.php
@@ -697,12 +697,12 @@ public function can($permissionName, $params = [], $allowCaching = true)
     protected function checkRedirectAcceptable()
     {
         $acceptableTypes = Yii::$app->getRequest()->getAcceptableContentTypes();
-        if (empty($acceptableTypes)) {
+        if (empty($acceptableTypes) || count($acceptableTypes) === 1 && array_keys($acceptableTypes)[0] === '*/*') {
             return true;
         }
 
         foreach ($acceptableTypes as $type => $params) {
-            if ($type === '*' || $type === '*/*' || in_array($type, $this->acceptableRedirectTypes, true)) {
+            if (in_array($type, $this->acceptableRedirectTypes, true)) {
                 return true;
             }
         }

diff --git a/tests/framework/web/UserTest.php b/tests/framework/web/UserTest.php
@@ -210,17 +210,18 @@ public function testLoginRequired()
 
         $this->reset();
         Yii::$app->request->setUrl('accept-all');
-        $_SERVER['HTTP_ACCEPT'] = '*;q=0.1';
+        $_SERVER['HTTP_ACCEPT'] = '*/*;q=0.1';
         $user->loginRequired();
         $this->assertEquals('accept-all', $user->getReturnUrl());
         $this->assertTrue(Yii::$app->response->getIsRedirection());
 
         $this->reset();
-        Yii::$app->request->setUrl('accept-all');
-        $_SERVER['HTTP_ACCEPT'] = '*/*;q=0.1';
-        $user->loginRequired();
-        $this->assertEquals('accept-all', $user->getReturnUrl());
-        $this->assertTrue(Yii::$app->response->getIsRedirection());
+        Yii::$app->request->setUrl('json-and-accept-all');
+        $_SERVER['HTTP_ACCEPT'] = 'text/json, */*; q=0.1';
+        try {
+            $user->loginRequired();
+        } catch (ForbiddenHttpException $e) {}
+        $this->assertFalse(Yii::$app->response->getIsRedirection());
 
         $this->reset();
         Yii::$app->request->setUrl('accept-html-json');