fix: specified code may not used in redirect

Author: kenjis

system/HTTP/ResponseTrait.php

@@ -503,28 +503,25 @@ public function sendBody()
      */
     public function redirect(string $uri, string $method = 'auto', ?int $code = null)
     {
-        // Assume 302 status code response; override if needed
-        if (empty($code)) {
-            $code = 302;
-        }
-
         // IIS environment likely? Use 'refresh' for better compatibility
         if (
             $method === 'auto'
             && isset($_SERVER['SERVER_SOFTWARE'])
             && strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false
         ) {
             $method = 'refresh';
-        }
-
-        // override status code for HTTP/1.1 & higher
-        // reference: http://en.wikipedia.org/wiki/Post/Redirect/Get
-        if (
-            isset($_SERVER['SERVER_PROTOCOL'], $_SERVER['REQUEST_METHOD'])
-            && $this->getProtocolVersion() >= 1.1
-            && $method !== 'refresh'
-        ) {
-            $code = ($_SERVER['REQUEST_METHOD'] !== 'GET') ? 303 : ($code === 302 ? 307 : $code);
+        } elseif ($method !== 'refresh' && $code === null) {
+            // override status code for HTTP/1.1 & higher
+            if (
+                isset($_SERVER['SERVER_PROTOCOL'], $_SERVER['REQUEST_METHOD'])
+                && $this->getProtocolVersion() >= 1.1
+            ) {
+                $code = ($_SERVER['REQUEST_METHOD'] !== 'GET')
+                    ? 303 // reference: https://en.wikipedia.org/wiki/Post/Redirect/Get
+                    : 307;
+            } else {
+                $code = 302;
+            }
         }
 
         switch ($method) {

tests/system/CodeIgniterTest.php

@@ -457,6 +457,7 @@ public function testRunRedirectionWithGET()
 
         // Inject mock router.
         $routes = Services::routes();
+        // addRedirect() sets status code 302 by default.
         $routes->addRedirect('example', 'pages/notset');
 
         $router = Services::router($routes, Services::incomingrequest());
@@ -468,7 +469,7 @@ public function testRunRedirectionWithGET()
 
         $response = $this->getPrivateProperty($this->codeigniter, 'response');
         $this->assertSame('http://example.com/pages/notset', $response->header('Location')->getValue());
-        $this->assertSame(307, $response->getStatusCode());
+        $this->assertSame(302, $response->getStatusCode());
     }
 
     public function testRunRedirectionWithGETAndHTTPCode301()
@@ -516,7 +517,7 @@ public function testRunRedirectionWithPOSTAndHTTPCode301()
         ob_get_clean();
 
         $response = $this->getPrivateProperty($this->codeigniter, 'response');
-        $this->assertSame(303, $response->getStatusCode());
+        $this->assertSame(301, $response->getStatusCode());
     }
 
     public function testStoresPreviousURL()

tests/system/HTTP/ResponseTest.php

@@ -296,10 +296,10 @@ public function provideForRedirect()
         yield from [
             ['Apache/2.4.17', 'HTTP/1.1', 'GET', null, 307],
             ['Apache/2.4.17', 'HTTP/1.1', 'GET', 307, 307],
-            ['Apache/2.4.17', 'HTTP/1.1', 'GET', 302, 307],
+            ['Apache/2.4.17', 'HTTP/1.1', 'GET', 302, 302],
             ['Apache/2.4.17', 'HTTP/1.1', 'POST', null, 303],
-            ['Apache/2.4.17', 'HTTP/1.1', 'POST', 307, 303],
-            ['Apache/2.4.17', 'HTTP/1.1', 'POST', 302, 303],
+            ['Apache/2.4.17', 'HTTP/1.1', 'POST', 307, 307],
+            ['Apache/2.4.17', 'HTTP/1.1', 'POST', 302, 302],
         ];
     }