Permalink
Browse files

MDL-40379 Files Prevent mobile network providers from modifying content.

  • Loading branch information...
1 parent 14d1f4e commit 6cafb62b1ecdac3adec62420876b11fe54801967 @scara scara committed Dec 28, 2013
Showing with 18 additions and 18 deletions.
  1. +8 −8 lib/filelib.php
  2. +2 −2 lib/tests/filelib_test.php
  3. +4 −4 lib/weblib.php
  4. +2 −2 theme/image.php
  5. +2 −2 theme/yui_image.php
View
16 lib/filelib.php
@@ -2214,11 +2214,11 @@ function send_temp_file($path, $filename, $pathisstring=false) {
header('Content-Disposition: attachment; filename="'.$filename.'"');
if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
- header('Cache-Control: private, max-age=10');
+ header('Cache-Control: private, max-age=10, no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: ');
} else { //normal http - prevent caching at all cost
- header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
+ header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: no-cache');
}
@@ -2305,18 +2305,18 @@ function send_file($path, $filename, $lifetime = 'default' , $filter=0, $pathiss
$private = ' private,';
}
$nobyteserving = false;
- header('Cache-Control:'.$private.' max-age='.$lifetime);
+ header('Cache-Control:'.$private.' max-age='.$lifetime.', no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
header('Pragma: ');
} else { // Do not cache files in proxies and browsers
$nobyteserving = true;
if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
- header('Cache-Control: private, max-age=10');
+ header('Cache-Control: private, max-age=10, no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: ');
} else { //normal http - prevent caching at all cost
- header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
+ header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: no-cache');
}
@@ -2472,17 +2472,17 @@ function send_stored_file($stored_file, $lifetime=86400 , $filter=0, $forcedownl
if (isloggedin() and !isguestuser()) {
$private = ' private,';
}
- header('Cache-Control:'.$private.' max-age='.$lifetime);
+ header('Cache-Control:'.$private.' max-age='.$lifetime.', no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
header('Pragma: ');
} else { // Do not cache files in proxies and browsers
if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
- header('Cache-Control: private, max-age=10');
+ header('Cache-Control: private, max-age=10, no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: ');
} else { //normal http - prevent caching at all cost
- header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
+ header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: no-cache');
}
View
4 lib/tests/filelib_test.php
@@ -292,7 +292,7 @@ public function test_curl_strip_double_headers() {
HTTP/1.0 200 OK
Server: Apache
X-Lb-Nocache: true
-Cache-Control: private, max-age=15
+Cache-Control: private, max-age=15, no-transform
ETag: "4d69af5d8ba873ea9192c489e151bd7b"
Content-Type: text/html
Date: Thu, 08 Dec 2011 14:44:53 GMT
@@ -308,7 +308,7 @@ public function test_curl_strip_double_headers() {
HTTP/1.0 200 OK
Server: Apache
X-Lb-Nocache: true
-Cache-Control: private, max-age=15
+Cache-Control: private, max-age=15, no-transform
ETag: "4d69af5d8ba873ea9192c489e151bd7b"
Content-Type: text/html
Date: Thu, 08 Dec 2011 14:44:53 GMT
View
8 lib/weblib.php
@@ -1894,14 +1894,14 @@ function send_headers($contenttype, $cacheable = true) {
}
if ($cacheable) {
- // Allow caching on "back" (but not on normal clicks)
- @header('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
+ // Allow caching on "back" (but not on normal clicks).
+ @header('Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform');
@header('Pragma: no-cache');
@header('Expires: ');
} else {
- // Do everything we can to always prevent clients and proxies caching
+ // Do everything we can to always prevent clients and proxies caching.
@header('Cache-Control: no-store, no-cache, must-revalidate');
- @header('Cache-Control: post-check=0, pre-check=0', false);
+ @header('Cache-Control: post-check=0, pre-check=0, no-transform', false);
@header('Pragma: no-cache');
@header('Expires: Mon, 20 Aug 1969 09:23:00 GMT');
@header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
View
4 theme/image.php
@@ -112,7 +112,7 @@
$mimetype = get_contenttype_from_ext($ext);
header('HTTP/1.1 304 Not Modified');
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
- header('Cache-Control: public, max-age='.$lifetime);
+ header('Cache-Control: public, max-age='.$lifetime.', no-transform');
header('Content-Type: '.$mimetype);
header('Etag: "'.$etag.'"');
die;
@@ -211,7 +211,7 @@ function send_cached_image($imagepath, $etag) {
header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT');
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
header('Pragma: ');
- header('Cache-Control: public, max-age='.$lifetime);
+ header('Cache-Control: public, max-age='.$lifetime.', no-transform');
header('Accept-Ranges: none');
header('Content-Type: '.$mimetype);
header('Content-Length: '.filesize($imagepath));
View
4 theme/yui_image.php
@@ -90,7 +90,7 @@
header('HTTP/1.1 304 Not Modified');
header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT');
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
- header('Cache-Control: public, max-age='.$lifetime);
+ header('Cache-Control: public, max-age='.$lifetime.', no-transform');
header('Content-Type: '.$mimetype);
header('Etag: "'.$etag.'"');
die;
@@ -109,7 +109,7 @@ function yui_image_cached($imagepath, $imagename, $mimetype, $etag) {
header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT');
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
header('Pragma: ');
- header('Cache-Control: public, max-age=315360000');
+ header('Cache-Control: public, max-age=315360000, no-transform');
header('Accept-Ranges: none');
header('Content-Type: '.$mimetype);
header('Content-Length: '.filesize($imagepath));

0 comments on commit 6cafb62

Please sign in to comment.