Commit e2b6cb69 by Alexander Makarov

Fixes #4889: Application was getting into redirect loop when user wasn't allowed…

Fixes #4889: Application was getting into redirect loop when user wasn't allowed accessing login page. Now shows 403
parent 3485596b
...@@ -5,6 +5,7 @@ Yii Framework 2 Change Log ...@@ -5,6 +5,7 @@ Yii Framework 2 Change Log
----------------------- -----------------------
- Bug #4471: `yii\caching\ApcCache::getValues()` now returns array in case of APC is installed but not enabled in CLI mode (samdark, cebe) - Bug #4471: `yii\caching\ApcCache::getValues()` now returns array in case of APC is installed but not enabled in CLI mode (samdark, cebe)
- Bug #4889: Application was getting into redirect loop when user wasn't allowed accessing login page. Now shows 403 (samdark)
- Bug #5402: Debugger was not loading when there were closures in asset classes (samdark) - Bug #5402: Debugger was not loading when there were closures in asset classes (samdark)
- Bug #5570: `yii\bootstrap\Tabs` would throw an exception if `content` is not set for one of its `items` (RomeroMsk) - Bug #5570: `yii\bootstrap\Tabs` would throw an exception if `content` is not set for one of its `items` (RomeroMsk)
- Bug #5584: `yii\rbac\DbRbacManager` should not delete items when deleting a rule on a database not supporting cascade update (mdmunir) - Bug #5584: `yii\rbac\DbRbacManager` should not delete items when deleting a rule on a database not supporting cascade update (mdmunir)
......
...@@ -422,10 +422,12 @@ class User extends Component ...@@ -422,10 +422,12 @@ class User extends Component
$this->setReturnUrl($request->getUrl()); $this->setReturnUrl($request->getUrl());
} }
if ($this->loginUrl !== null) { if ($this->loginUrl !== null) {
return Yii::$app->getResponse()->redirect($this->loginUrl); $loginUrl = (array)$this->loginUrl;
} else { if ($loginUrl[0] !== Yii::$app->requestedRoute) {
throw new ForbiddenHttpException(Yii::t('yii', 'Login Required')); return Yii::$app->getResponse()->redirect($this->loginUrl);
}
} }
throw new ForbiddenHttpException(Yii::t('yii', 'Login Required'));
} }
/** /**
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment