php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-11-15 05:45:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

Enhanced 9f499eb: yii\web\User::checkRedirectAcceptable() removed check for "*" type (invalid in accept header)

Browse Source
This commit is contained in:
SilverFire - Dmitry Naumenko
2016-05-16 01:11:47 +03:00
parent b976f638d8
commit 0ff6eeba7d
2 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
framework/web/User.php
View File

@@ -697,12 +697,12 @@ class User extends Component
protected function checkRedirectAcceptable()
{
$acceptableTypes = Yii::$app->getRequest()->getAcceptableContentTypes();
if (empty($acceptableTypes)) {
if (empty($acceptableTypes) || count($acceptableTypes) === 1 && array_keys($acceptableTypes)[0] === '*/*') {
return true;
}
foreach ($acceptableTypes as $type => $params) {
if ($type === '*' || $type === '*/*' || in_array($type, $this->acceptableRedirectTypes, true)) {
if (in_array($type, $this->acceptableRedirectTypes, true)) {
return true;
}
}

11
tests/framework/web/UserTest.php
View File

@@ -210,17 +210,18 @@ class UserTest extends TestCase
$this->reset();
Yii::$app->request->setUrl('accept-all');
$_SERVER['HTTP_ACCEPT'] = '*;q=0.1';
$_SERVER['HTTP_ACCEPT'] = '*/*;q=0.1';
$user->loginRequired();
$this->assertEquals('accept-all', $user->getReturnUrl());
$this->assertTrue(Yii::$app->response->getIsRedirection());
$this->reset();
Yii::$app->request->setUrl('accept-all');
$_SERVER['HTTP_ACCEPT'] = '*/*;q=0.1';
Yii::$app->request->setUrl('json-and-accept-all');
$_SERVER['HTTP_ACCEPT'] = 'text/json, */*; q=0.1';
try {
$user->loginRequired();
$this->assertEquals('accept-all', $user->getReturnUrl());
$this->assertTrue(Yii::$app->response->getIsRedirection());
} catch (ForbiddenHttpException $e) {}
$this->assertFalse(Yii::$app->response->getIsRedirection());
$this->reset();
Yii::$app->request->setUrl('accept-html-json');