Fixed HTTP status codes for non-redirects which were breaking AuthComponent.

lib/Cake/Controller/Controller.php

@@ -770,18 +770,17 @@ class Controller extends Object implements CakeEventListener {
 			session_write_close();
 		}
 
-		if (!empty($status) && is_string($status)) {
+		if ($url !== null) {
+			$this->response->header('Location', Router::url($url, true));
+		}
+
+		if (!empty($status)) {
+			if (is_string($status)) {
 				$codes = array_flip($this->response->httpCodes());
 				if (isset($codes[$status])) {
 					$status = $codes[$status];
 				}
 			}
-
-		if ($url !== null) {
-			$this->response->header('Location', Router::url($url, true));
-		}
-
-		if (!empty($status) && ($status >= 300 && $status < 400)) {
 			$this->response->statusCode($status);
 		}
 

lib/Cake/Test/Case/Controller/ControllerTest.php

@@ -728,7 +728,8 @@ class ControllerTest extends CakeTestCase {
 			array(303, "See Other"),
 			array(304, "Not Modified"),
 			array(305, "Use Proxy"),
-			array(307, "Temporary Redirect")
+			array(307, "Temporary Redirect"),
+			array(403, "Forbidden"),
 		);
 	}