Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

MDL-40002 Files: ETag value must be a quoted-string.

ETag value must be double quoted, http://tools.ietf.org/html/rfc2616#section-3.11.
More details about potential impacts in MDL-39832: shortly, at least when using
HTTP Partial GET Requests (HTTP Status: 206) plus X-Sendfile HTTP Header.
In this commit, the impact is to be RFC2616 compliant when using the ETag Header.
  • Loading branch information...
commit 16b143ef225ddffda00ae2641e65c69dacaf1464 1 parent 969e5b5
Matteo Scaramuccia scara authored
6 lib/csslib.php
@@ -124,7 +124,7 @@ function css_send_ie_css($themename, $rev, $etag, $slasharguments) {
124 124 $css .= "\n@import url($relroot/styles.php?theme=$themename&rev=$rev&type=theme);";
125 125 }
126 126
127   - header('Etag: '.$etag);
  127 + header('Etag: "'.$etag.'"');
128 128 header('Content-Disposition: inline; filename="styles.php"');
129 129 header('Last-Modified: '. gmdate('D, d M Y H:i:s', time()) .' GMT');
130 130 header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
@@ -150,7 +150,7 @@ function css_send_ie_css($themename, $rev, $etag, $slasharguments) {
150 150 function css_send_cached_css($csspath, $etag) {
151 151 $lifetime = 60*60*24*60; // 60 days only - the revision may get incremented quite often
152 152
153   - header('Etag: '.$etag);
  153 + header('Etag: "'.$etag.'"');
154 154 header('Content-Disposition: inline; filename="styles.php"');
155 155 header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($csspath)) .' GMT');
156 156 header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
@@ -208,7 +208,7 @@ function css_send_unmodified($lastmodified, $etag) {
208 208 header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
209 209 header('Cache-Control: public, max-age='.$lifetime);
210 210 header('Content-Type: text/css; charset=utf-8');
211   - header('Etag: '.$etag);
  211 + header('Etag: "'.$etag.'"');
212 212 if ($lastmodified) {
213 213 header('Last-Modified: '. gmdate('D, d M Y H:i:s', $lastmodified) .' GMT');
214 214 }
4 lib/jslib.php
@@ -36,7 +36,7 @@ function js_send_cached($jspath, $etag, $filename = 'javascript.php') {
36 36
37 37 $lifetime = 60*60*24*60; // 60 days only - the revision may get incremented quite often
38 38
39   - header('Etag: '.$etag);
  39 + header('Etag: "'.$etag.'"');
40 40 header('Content-Disposition: inline; filename="'.$filename.'"');
41 41 header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($jspath)) .' GMT');
42 42 header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
@@ -86,7 +86,7 @@ function js_send_unmodified($lastmodified, $etag) {
86 86 header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
87 87 header('Cache-Control: public, max-age='.$lifetime);
88 88 header('Content-Type: application/javascript; charset=utf-8');
89   - header('Etag: '.$etag);
  89 + header('Etag: "'.$etag.'"');
90 90 if ($lastmodified) {
91 91 header('Last-Modified: '. gmdate('D, d M Y H:i:s', $lastmodified) .' GMT');
92 92 }
4 theme/image.php
@@ -103,7 +103,7 @@
103 103 header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
104 104 header('Cache-Control: public, max-age='.$lifetime);
105 105 header('Content-Type: '.$mimetype);
106   - header('Etag: '.$etag);
  106 + header('Etag: "'.$etag.'"');
107 107 die;
108 108 }
109 109 send_cached_image($cacheimage, $etag);
@@ -184,7 +184,7 @@ function send_cached_image($imagepath, $etag) {
184 184
185 185 $mimetype = get_contenttype_from_ext($pathinfo['extension']);
186 186
187   - header('Etag: '.$etag);
  187 + header('Etag: "'.$etag.'"');
188 188 header('Content-Disposition: inline; filename="'.$imagename.'"');
189 189 header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT');
190 190 header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
4 theme/yui_combo.php
@@ -61,7 +61,7 @@
61 61 header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
62 62 header('Cache-Control: public, max-age='.$lifetime);
63 63 header('Content-Type: '.$mimetype);
64   - header('Etag: '.$etag);
  64 + header('Etag: "'.$etag.'"');
65 65 die;
66 66 }
67 67
@@ -170,7 +170,7 @@ function combo_send_cached($content, $mimetype, $etag, $lastmodified) {
170 170 header('Cache-Control: public, max-age='.$lifetime);
171 171 header('Accept-Ranges: none');
172 172 header('Content-Type: '.$mimetype);
173   - header('Etag: '.$etag);
  173 + header('Etag: "'.$etag.'"');
174 174 if (!min_enable_zlib_compression()) {
175 175 header('Content-Length: '.strlen($content));
176 176 }
4 theme/yui_image.php
@@ -92,7 +92,7 @@
92 92 header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
93 93 header('Cache-Control: public, max-age='.$lifetime);
94 94 header('Content-Type: '.$mimetype);
95   - header('Etag: '.$etag);
  95 + header('Etag: "'.$etag.'"');
96 96 die;
97 97 }
98 98
@@ -113,7 +113,7 @@ function yui_image_cached($imagepath, $imagename, $mimetype, $etag) {
113 113 header('Accept-Ranges: none');
114 114 header('Content-Type: '.$mimetype);
115 115 header('Content-Length: '.filesize($imagepath));
116   - header('Etag: '.$etag);
  116 + header('Etag: "'.$etag.'"');
117 117
118 118 if (xsendfile($imagepath)) {
119 119 die;

0 comments on commit 16b143e

Please sign in to comment.
Something went wrong with that request. Please try again.