From 06eca48648c22c94f8219fd40a936dae053d49c6 Mon Sep 17 00:00:00 2001
From: Matteo Scaramuccia <moodle@matteoscaramuccia.com>
Date: Sun, 9 Jun 2013 09:43:36 +0200
Subject: [PATCH] MDL-40002 Files: ETag value must be a quoted-string.

ETag value must be double quoted, http://tools.ietf.org/html/rfc2616#section-3.11.
More details about potential impacts in MDL-39832: shortly, at least when using
HTTP Partial GET Requests (HTTP Status: 206) plus X-Sendfile HTTP Header.
In this commit, the impact is to be RFC2616 compliant when using the ETag Header.
---
 lib/csslib.php      | 6 +++---
 lib/jslib.php       | 4 ++--
 theme/image.php     | 4 ++--
 theme/jquery.php    | 4 ++--
 theme/yui_combo.php | 4 ++--
 theme/yui_image.php | 4 ++--
 6 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/lib/csslib.php b/lib/csslib.php
index 85519994ace..cb6faf3b26c 100644
--- a/lib/csslib.php
+++ b/lib/csslib.php
@@ -228,7 +228,7 @@ function css_send_ie_css($themename, $rev, $etag, $slasharguments) {
         $css .= "\n@import url($relroot/styles.php?theme=$themename&rev=$rev&type=theme);";
     }
 
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     header('Content-Disposition: inline; filename="styles.php"');
     header('Last-Modified: '. gmdate('D, d M Y H:i:s', time()) .' GMT');
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
@@ -254,7 +254,7 @@ function css_send_ie_css($themename, $rev, $etag, $slasharguments) {
 function css_send_cached_css($csspath, $etag) {
     $lifetime = 60*60*24*60; // 60 days only - the revision may get incremented quite often
 
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     header('Content-Disposition: inline; filename="styles.php"');
     header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($csspath)) .' GMT');
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
@@ -312,7 +312,7 @@ function css_send_unmodified($lastmodified, $etag) {
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
     header('Cache-Control: public, max-age='.$lifetime);
     header('Content-Type: text/css; charset=utf-8');
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     if ($lastmodified) {
         header('Last-Modified: '. gmdate('D, d M Y H:i:s', $lastmodified) .' GMT');
     }
diff --git a/lib/jslib.php b/lib/jslib.php
index 1d20bbd3b64..bbfb895e534 100644
--- a/lib/jslib.php
+++ b/lib/jslib.php
@@ -36,7 +36,7 @@ function js_send_cached($jspath, $etag, $filename = 'javascript.php') {
 
     $lifetime = 60*60*24*60; // 60 days only - the revision may get incremented quite often
 
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     header('Content-Disposition: inline; filename="'.$filename.'"');
     header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($jspath)) .' GMT');
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
@@ -86,7 +86,7 @@ function js_send_unmodified($lastmodified, $etag) {
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
     header('Cache-Control: public, max-age='.$lifetime);
     header('Content-Type: application/javascript; charset=utf-8');
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     if ($lastmodified) {
         header('Last-Modified: '. gmdate('D, d M Y H:i:s', $lastmodified) .' GMT');
     }
diff --git a/theme/image.php b/theme/image.php
index f3f1c7ab086..556f966c447 100644
--- a/theme/image.php
+++ b/theme/image.php
@@ -113,7 +113,7 @@ if ($rev > -1) {
             header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
             header('Cache-Control: public, max-age='.$lifetime);
             header('Content-Type: '.$mimetype);
-            header('Etag: '.$etag);
+            header('Etag: "'.$etag.'"');
             die;
         }
         send_cached_image($cacheimage, $etag);
@@ -205,7 +205,7 @@ function send_cached_image($imagepath, $etag) {
 
     $mimetype = get_contenttype_from_ext($pathinfo['extension']);
 
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     header('Content-Disposition: inline; filename="'.$imagename.'"');
     header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT');
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
diff --git a/theme/jquery.php b/theme/jquery.php
index 9a4b53ce523..fcc25583750 100644
--- a/theme/jquery.php
+++ b/theme/jquery.php
@@ -118,13 +118,13 @@ if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) || !empty($_SERVER['HTTP_IF_MODIFIED_
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
     header('Cache-Control: public, max-age='.$lifetime);
     header('Content-Type: '.$mimetype);
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     die;
 }
 
 require_once("$CFG->dirroot/lib/xsendfilelib.php");
 
-header('Etag: '.$etag);
+header('Etag: "'.$etag.'"');
 header('Content-Disposition: inline; filename="'.$filename.'"');
 header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($file)) .' GMT');
 header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
diff --git a/theme/yui_combo.php b/theme/yui_combo.php
index 8f73aa90b92..8d27525b396 100644
--- a/theme/yui_combo.php
+++ b/theme/yui_combo.php
@@ -60,7 +60,7 @@ if (strpos($parts, '/-1/') === false and (!empty($_SERVER['HTTP_IF_NONE_MATCH'])
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
     header('Cache-Control: public, max-age='.$lifetime);
     header('Content-Type: '.$mimetype);
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     die;
 }
 
@@ -223,7 +223,7 @@ function combo_send_cached($content, $mimetype, $etag, $lastmodified) {
     header('Cache-Control: public, max-age='.$lifetime);
     header('Accept-Ranges: none');
     header('Content-Type: '.$mimetype);
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     if (!min_enable_zlib_compression()) {
         header('Content-Length: '.strlen($content));
     }
diff --git a/theme/yui_image.php b/theme/yui_image.php
index 508bf3e8786..c88d33d0d2d 100644
--- a/theme/yui_image.php
+++ b/theme/yui_image.php
@@ -103,7 +103,7 @@ if (strpos($path, '/-1/') === false and (!empty($_SERVER['HTTP_IF_NONE_MATCH'])
     header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
     header('Cache-Control: public, max-age='.$lifetime);
     header('Content-Type: '.$mimetype);
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
     die;
 }
 
@@ -124,7 +124,7 @@ function yui_image_cached($imagepath, $imagename, $mimetype, $etag) {
     header('Accept-Ranges: none');
     header('Content-Type: '.$mimetype);
     header('Content-Length: '.filesize($imagepath));
-    header('Etag: '.$etag);
+    header('Etag: "'.$etag.'"');
 
     if (xsendfile($imagepath)) {
         die;