Fixed yii\web\User::checkRedirectAcceptable() to treat acceptable content type */* as *

Closes #11523

framework/CHANGELOG.md

@@ -16,6 +16,7 @@ Yii Framework 2 Change Log
 - Bug #11459: Fixed flash messages not destroyed when `session.auto_start = 1` set in php.ini (cartmanchen)
 - Bug #11498: Fixed inability to save serialized object into PostgreSQL binary column (klimov-paul)
 - Bug #11507: Fixed `yii\validators\EachValidator::validateAttribute()` does not respect `skipOnEmpty` rule parameter (webdevsega)
+- Bug #11523: Fixed `yii\web\User::checkRedirectAcceptable()` to treat acceptable content type `*/*` as `*` (silverfire)
 - Bug #11532: Fixed casting of empty char value to `null` resulting in integrity constraint violation for not null columns (samdark)
 
 

framework/web/User.php

@@ -702,7 +702,7 @@ class User extends Component
         }
 
         foreach ($acceptableTypes as $type => $params) {
-            if ($type === '*' || in_array($type, $this->acceptableRedirectTypes, true)) {
+            if ($type === '*' || $type === '*/*' || in_array($type, $this->acceptableRedirectTypes, true)) {
                 return true;
             }
         }

tests/framework/web/UserTest.php

@@ -215,6 +215,13 @@ class UserTest extends TestCase
         $this->assertEquals('accept-all', $user->getReturnUrl());
         $this->assertTrue(Yii::$app->response->getIsRedirection());
 
+        $this->reset();
+        Yii::$app->request->setUrl('accept-all');
+        $_SERVER['HTTP_ACCEPT'] = '*/*;q=0.1';
+        $user->loginRequired();
+        $this->assertEquals('accept-all', $user->getReturnUrl());
+        $this->assertTrue(Yii::$app->response->getIsRedirection());
+
         $this->reset();
         Yii::$app->request->setUrl('accept-html-json');
         $_SERVER['HTTP_ACCEPT'] = 'text/json; q=1, text/html; q=0.1';