MDL-40002 Files: ETag value must be a quoted-string.

ETag value must be double quoted, http://tools.ietf.org/html/rfc2616#section-3.11. More details about potential impacts in MDL-39832: shortly, at least when using HTTP Partial GET Requests (HTTP Status: 206) plus X-Sendfile HTTP Header. In this commit, the impact is to be RFC2616 compliant when using the ETag Header.
moodle · Jun 9, 2013 · f082c5e · f082c5e
1 parent 1430866
commit f082c5e
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 13 deletions.
diff --git a/lib/csslib.php b/lib/csslib.php
@@ -228,7 +228,7 @@ function css_send_ie_css($themename, $rev, $etag, $slasharguments) {
         $css .= "\n@import url($relroot/styles.php?theme=$themename&rev=$rev&type=theme);";
     }
 
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     header('Content-Disposition: inline; filename="styles.php"');
     header('Last-Modified: '. gmdate('D, d M Y H:i:s', time()) .' GMT');
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
@@ -254,7 +254,7 @@ function css_send_ie_css($themename, $rev, $etag, $slasharguments) {
 function css_send_cached_css($csspath, $etag) {
     $lifetime = 60*60*24*60; // 60 days only - the revision may get incremented quite often
 
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     header('Content-Disposition: inline; filename="styles.php"');
     header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($csspath)) .' GMT');
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
@@ -312,7 +312,7 @@ function css_send_unmodified($lastmodified, $etag) {
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
     header('Cache-Control: public, max-age='.$lifetime);
     header('Content-Type: text/css; charset=utf-8');
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     if ($lastmodified) {
         header('Last-Modified: '. gmdate('D, d M Y H:i:s', $lastmodified) .' GMT');
     }

diff --git a/lib/jslib.php b/lib/jslib.php
@@ -36,7 +36,7 @@ function js_send_cached($jspath, $etag, $filename = 'javascript.php') {
 
     $lifetime = 60*60*24*60; // 60 days only - the revision may get incremented quite often
 
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     header('Content-Disposition: inline; filename="'.$filename.'"');
     header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($jspath)) .' GMT');
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
@@ -86,7 +86,7 @@ function js_send_unmodified($lastmodified, $etag) {
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
     header('Cache-Control: public, max-age='.$lifetime);
     header('Content-Type: application/javascript; charset=utf-8');
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     if ($lastmodified) {
         header('Last-Modified: '. gmdate('D, d M Y H:i:s', $lastmodified) .' GMT');
     }

diff --git a/theme/image.php b/theme/image.php
@@ -113,7 +113,7 @@
             header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
             header('Cache-Control: public, max-age='.$lifetime);
             header('Content-Type: '.$mimetype);
-            header('Etag: '.$etag);
+            header('Etag: "'.$etag.'"');
             die;
         }
         send_cached_image($cacheimage, $etag);
@@ -205,7 +205,7 @@ function send_cached_image($imagepath, $etag) {
 
     $mimetype = get_contenttype_from_ext($pathinfo['extension']);
 
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     header('Content-Disposition: inline; filename="'.$imagename.'"');
     header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT');
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');

diff --git a/theme/jquery.php b/theme/jquery.php
@@ -118,13 +118,13 @@
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
     header('Cache-Control: public, max-age='.$lifetime);
     header('Content-Type: '.$mimetype);
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     die;
 }
 
 require_once("$CFG->dirroot/lib/xsendfilelib.php");
 
-header('Etag: '.$etag);
+header('Etag: "'.$etag.'"');
 header('Content-Disposition: inline; filename="'.$filename.'"');
 header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($file)) .' GMT');
 header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');

diff --git a/theme/yui_combo.php b/theme/yui_combo.php
@@ -60,7 +60,7 @@
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
     header('Cache-Control: public, max-age='.$lifetime);
     header('Content-Type: '.$mimetype);
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     die;
 }
 
@@ -223,7 +223,7 @@ function combo_send_cached($content, $mimetype, $etag, $lastmodified) {
     header('Cache-Control: public, max-age='.$lifetime);
     header('Accept-Ranges: none');
     header('Content-Type: '.$mimetype);
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     if (!min_enable_zlib_compression()) {
         header('Content-Length: '.strlen($content));
     }

diff --git a/theme/yui_image.php b/theme/yui_image.php
@@ -103,7 +103,7 @@
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
     header('Cache-Control: public, max-age='.$lifetime);
     header('Content-Type: '.$mimetype);
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     die;
 }
 
@@ -124,7 +124,7 @@ function yui_image_cached($imagepath, $imagename, $mimetype, $etag) {
     header('Accept-Ranges: none');
     header('Content-Type: '.$mimetype);
     header('Content-Length: '.filesize($imagepath));
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
 
     if (xsendfile($imagepath)) {
         die;