From 0ff6eeba7df57472fe744de9e8bd0cd19ebc397c Mon Sep 17 00:00:00 2001
From: SilverFire - Dmitry Naumenko
Date: Mon, 16 May 2016 01:11:47 +0300
Subject: [PATCH] Enhanced 9f499eb: `yii\web\User::checkRedirectAcceptable()` removed check for "*" type (invalid in accept header)
---
 framework/web/User.php | 4 ++--
 tests/framework/web/UserTest.php | 13 +++++++------
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/framework/web/User.php b/framework/web/User.php
index 1bd07b286f..61bce7f97a 100644
--- a/framework/web/User.php
+++ b/framework/web/User.php
@@ -697,12 +697,12 @@ class User extends Component
 protected function checkRedirectAcceptable()
 {
 $acceptableTypes = Yii::$app->getRequest()->getAcceptableContentTypes();
- if (empty($acceptableTypes)) {
+ if (empty($acceptableTypes) || count($acceptableTypes) === 1 && array_keys($acceptableTypes)[0] === '*/*') {
 return true;
 }
 foreach ($acceptableTypes as $type => $params) {
- if ($type === '*' || $type === '*/*' || in_array($type, $this->acceptableRedirectTypes, true)) {
+ if (in_array($type, $this->acceptableRedirectTypes, true)) {
 return true;
 }
 }
diff --git a/tests/framework/web/UserTest.php b/tests/framework/web/UserTest.php
index 79b91aa57c..5789d423aa 100644
--- a/tests/framework/web/UserTest.php
+++ b/tests/framework/web/UserTest.php
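Review bot: The new guard `empty($acceptableTypes) || count($acceptableTypes) === 1 && array_keys($acceptableTypes)[0] === '*/*'` only reads correctly if you remember that `&&` binds tighter than `||`, and the hunk gives no reason why a lone `*/*` redirects while `*/*` next to other types does not. I would parenthesise it and test the key directly: `if (empty($acceptableTypes) || (count($acceptableTypes) === 1 && array_key_exists('*/*', $acceptableTypes))) {`, preceded by a comment such as `// a lone "*/*" states no preference; a wildcard listed with specific types must not by itself allow the login redirect`. The Accept header is client-controlled and this method decides between the redirect and the non-redirect path, so please also confirm that partial wildcards such as `text/*` are meant to fall through the loop. The method's docblock and its final return lie outside the hunk.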
@@ -210,17 +210,18 @@ class UserTest extends TestCase
 $this->reset();
 Yii::$app->request->setUrl('accept-all');
- $_SERVER['HTTP_ACCEPT'] = '*;q=0.1';
+ $_SERVER['HTTP_ACCEPT'] = '*/*;q=0.1';
 $user->loginRequired();
 $this->assertEquals('accept-all', $user->getReturnUrl());
 $this->assertTrue(Yii::$app->response->getIsRedirection());
 $this->reset();
- Yii::$app->request->setUrl('accept-all');
- $_SERVER['HTTP_ACCEPT'] = '*/*;q=0.1';
- $user->loginRequired();
- $this->assertEquals('accept-all', $user->getReturnUrl());
- $this->assertTrue(Yii::$app->response->getIsRedirection());
+ Yii::$app->request->setUrl('json-and-accept-all');
+ $_SERVER['HTTP_ACCEPT'] = 'text/json, */*; q=0.1';
+ try {
+ $user->loginRequired();
+ } catch (ForbiddenHttpException $e) {}
+ $this->assertFalse(Yii::$app->response->getIsRedirection());
 $this->reset();
 Yii::$app->request->setUrl('accept-html-json');
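Review bot: The empty `catch (ForbiddenHttpException $e) {}` lets the `text/json, */*; q=0.1` case pass whether or not the exception is thrown, so the test only pins the absence of a redirect. If the rejection is expected to surface as that exception, adding `$this->fail('ForbiddenHttpException expected');` right after `$user->loginRequired();` inside the `try` would pin it. The diffstat shows this hunk is the only change to UserTest.php, so please confirm `ForbiddenHttpException` is already imported at the top of the file; an unresolved class name in a namespaced `catch` simply never matches. The enclosing test method starts and ends outside the hunk.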