Enhanced 9f499eb: yii\web\User::checkRedirectAcceptable() removed check for "*" type (invalid in accept header)

SilverFire - Dmitry Naumenko
2016-05-16 01:11:47 +03:00
parent b976f638d8
commit 0ff6eeba7d
2 changed files with 9 additions and 8 deletions


@@ -697,12 +697,12 @@ class User extends Component
protected function checkRedirectAcceptable() protected function checkRedirectAcceptable()
{ {
$acceptableTypes = Yii::$app->getRequest()->getAcceptableContentTypes(); $acceptableTypes = Yii::$app->getRequest()->getAcceptableContentTypes();
if (empty($acceptableTypes)) { if (empty($acceptableTypes) || count($acceptableTypes) === 1 && array_keys($acceptableTypes)[0] === '*/*') {
return true; return true;
} }
foreach ($acceptableTypes as $type => $params) { foreach ($acceptableTypes as $type => $params) {
if ($type === '*' || $type === '*/*' || in_array($type, $this->acceptableRedirectTypes, true)) { if (in_array($type, $this->acceptableRedirectTypes, true)) {
return true; return true;
} }
} }
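Review bot: The new guard in `checkRedirectAcceptable()` mixes `||` and `&&` without parentheses and has no comment saying why a lone `*/*` is special, so the next reader has to work out the precedence and the intent. I would write it as `if (empty($acceptableTypes) || (count($acceptableTypes) === 1 && array_keys($acceptableTypes)[0] === '*/*')) {` and put above it `// Only "*/*" and nothing else: the client states no preference, so a login redirect is fine. When "*/*" is a fallback next to specific types, those types decide.` With the wildcard removed from the loop, `in_array(..., true)` now matches exact strings only, so a partial range such as `text/*` or a differently cased type would take the non-redirect path. Whether that is intended depends on what `acceptableRedirectTypes` and `getAcceptableContentTypes()` return, neither of which is visible here, so a test or a docblock line on it would help. The function body continues past the end of this hunk.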


@@ -210,17 +210,18 @@ class UserTest extends TestCase
$this->reset(); $this->reset();
Yii::$app->request->setUrl('accept-all'); Yii::$app->request->setUrl('accept-all');
$_SERVER['HTTP_ACCEPT'] = '*;q=0.1'; $_SERVER['HTTP_ACCEPT'] = '*/*;q=0.1';
$user->loginRequired(); $user->loginRequired();
$this->assertEquals('accept-all', $user->getReturnUrl()); $this->assertEquals('accept-all', $user->getReturnUrl());
$this->assertTrue(Yii::$app->response->getIsRedirection()); $this->assertTrue(Yii::$app->response->getIsRedirection());
$this->reset(); $this->reset();
Yii::$app->request->setUrl('accept-all'); Yii::$app->request->setUrl('json-and-accept-all');
$_SERVER['HTTP_ACCEPT'] = '*/*;q=0.1'; $_SERVER['HTTP_ACCEPT'] = 'text/json, */*; q=0.1';
$user->loginRequired(); try {
$this->assertEquals('accept-all', $user->getReturnUrl()); $user->loginRequired();
$this->assertTrue(Yii::$app->response->getIsRedirection()); } catch (ForbiddenHttpException $e) {}
$this->assertFalse(Yii::$app->response->getIsRedirection());
$this->reset(); $this->reset();
Yii::$app->request->setUrl('accept-html-json'); Yii::$app->request->setUrl('accept-html-json');