Permalink
Browse files

MDL-40379 Files Prevent mobile network providers from modifying content.

  • Loading branch information...
1 parent e71a533 commit a9df6656b8dc4dfa0e9128bb7f78aafc29804436 @scara scara committed with Matteo Scaramuccia Dec 28, 2013
Showing with 16 additions and 16 deletions.
  1. +8 −8 lib/filelib.php
  2. +2 −2 lib/tests/filelib_test.php
  3. +2 −2 lib/weblib.php
  4. +2 −2 theme/image.php
  5. +2 −2 theme/yui_image.php
View
@@ -2188,11 +2188,11 @@ function send_temp_file($path, $filename, $pathisstring=false) {
header('Content-Disposition: attachment; filename="'.$filename.'"');
if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
- header('Cache-Control: private, max-age=10');
+ header('Cache-Control: private, max-age=10, no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: ');
} else { //normal http - prevent caching at all cost
- header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
+ header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: no-cache');
}
@@ -2274,18 +2274,18 @@ function send_file($path, $filename, $lifetime = null , $filter=0, $pathisstring
$private = ' private,';
}
$nobyteserving = false;
- header('Cache-Control:'.$private.' max-age='.$lifetime);
+ header('Cache-Control:'.$private.' max-age='.$lifetime.', no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
header('Pragma: ');
} else { // Do not cache files in proxies and browsers
$nobyteserving = true;
if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
- header('Cache-Control: private, max-age=10');
+ header('Cache-Control: private, max-age=10, no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: ');
} else { //normal http - prevent caching at all cost
- header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
+ header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: no-cache');
}
@@ -2445,17 +2445,17 @@ function send_stored_file($stored_file, $lifetime=null, $filter=0, $forcedownloa
if (isloggedin() and !isguestuser()) {
$private = ' private,';
}
- header('Cache-Control:'.$private.' max-age='.$lifetime);
+ header('Cache-Control:'.$private.' max-age='.$lifetime.', no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
header('Pragma: ');
} else { // Do not cache files in proxies and browsers
if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
- header('Cache-Control: private, max-age=10');
+ header('Cache-Control: private, max-age=10, no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: ');
} else { //normal http - prevent caching at all cost
- header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
+ header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: no-cache');
}
@@ -677,7 +677,7 @@ public function test_curl_strip_double_headers() {
HTTP/1.0 200 OK
Server: Apache
X-Lb-Nocache: true
-Cache-Control: private, max-age=15
+Cache-Control: private, max-age=15, no-transform
ETag: "4d69af5d8ba873ea9192c489e151bd7b"
Content-Type: text/html
Date: Thu, 08 Dec 2011 14:44:53 GMT
@@ -693,7 +693,7 @@ public function test_curl_strip_double_headers() {
HTTP/1.0 200 OK
Server: Apache
X-Lb-Nocache: true
-Cache-Control: private, max-age=15
+Cache-Control: private, max-age=15, no-transform
ETag: "4d69af5d8ba873ea9192c489e151bd7b"
Content-Type: text/html
Date: Thu, 08 Dec 2011 14:44:53 GMT
View
@@ -2034,13 +2034,13 @@ function send_headers($contenttype, $cacheable = true) {
if ($cacheable) {
// Allow caching on "back" (but not on normal clicks).
- @header('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
+ @header('Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform');
@header('Pragma: no-cache');
@header('Expires: ');
} else {
// Do everything we can to always prevent clients and proxies caching.
@header('Cache-Control: no-store, no-cache, must-revalidate');
- @header('Cache-Control: post-check=0, pre-check=0', false);
+ @header('Cache-Control: post-check=0, pre-check=0, no-transform', false);
@header('Pragma: no-cache');
@header('Expires: Mon, 20 Aug 1969 09:23:00 GMT');
@header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
View
@@ -111,7 +111,7 @@
$mimetype = get_contenttype_from_ext($ext);
header('HTTP/1.1 304 Not Modified');
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
- header('Cache-Control: public, max-age='.$lifetime);
+ header('Cache-Control: public, max-age='.$lifetime.', no-transform');
header('Content-Type: '.$mimetype);
header('Etag: "'.$etag.'"');
die;
@@ -217,7 +217,7 @@ function send_cached_image($imagepath, $etag) {
header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT');
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
header('Pragma: ');
- header('Cache-Control: public, max-age='.$lifetime);
+ header('Cache-Control: public, max-age='.$lifetime.', no-transform');
header('Accept-Ranges: none');
header('Content-Type: '.$mimetype);
header('Content-Length: '.filesize($imagepath));
View
@@ -98,7 +98,7 @@
header('HTTP/1.1 304 Not Modified');
header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT');
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
- header('Cache-Control: public, max-age='.$lifetime);
+ header('Cache-Control: public, max-age='.$lifetime.', no-transform');
header('Content-Type: '.$mimetype);
header('Etag: "'.$etag.'"');
die;
@@ -117,7 +117,7 @@ function yui_image_cached($imagepath, $imagename, $mimetype, $etag) {
header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT');
header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
header('Pragma: ');
- header('Cache-Control: public, max-age=315360000');
+ header('Cache-Control: public, max-age=315360000, no-transform');
header('Accept-Ranges: none');
header('Content-Type: '.$mimetype);
header('Content-Length: '.filesize($imagepath));

0 comments on commit a9df665

Please sign in to comment.