MDL-40379 Files Prevent mobile network providers from modifying content.

2025-01-17 21:49:15 +01:00 · 2013-12-28 12:00:18 +01:00 · 2013-12-28 12:00:18 +01:00 · c3a3f54053
commit c3a3f54053
parent bbb291b7b7
5 changed files with 16 additions and 16 deletions
--- a/lib/filelib.php
+++ b/lib/filelib.php
@ -2188,11 +2188,11 @@ function send_temp_file($path, $filename, $pathisstring=false) {

    header('Content-Disposition: attachment; filename="'.$filename.'"');
    if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
-        header('Cache-Control: private, max-age=10');
+        header('Cache-Control: private, max-age=10, no-transform');
        header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
        header('Pragma: ');
    } else { //normal http - prevent caching at all cost
-        header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
+        header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
        header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
        header('Pragma: no-cache');
    }
@ -2274,18 +2274,18 @@ function send_file($path, $filename, $lifetime = null , $filter=0, $pathisstring
            $private = ' private,';
        }
        $nobyteserving = false;
-        header('Cache-Control:'.$private.' max-age='.$lifetime);
+        header('Cache-Control:'.$private.' max-age='.$lifetime.', no-transform');
        header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
        header('Pragma: ');

    } else { // Do not cache files in proxies and browsers
        $nobyteserving = true;
        if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
-            header('Cache-Control: private, max-age=10');
+            header('Cache-Control: private, max-age=10, no-transform');
            header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
            header('Pragma: ');
        } else { //normal http - prevent caching at all cost
-            header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
+            header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
            header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
            header('Pragma: no-cache');
        }
@ -2445,17 +2445,17 @@ function send_stored_file($stored_file, $lifetime=null, $filter=0, $forcedownloa
        if (isloggedin() and !isguestuser()) {
            $private = ' private,';
        }
-        header('Cache-Control:'.$private.' max-age='.$lifetime);
+        header('Cache-Control:'.$private.' max-age='.$lifetime.', no-transform');
        header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
        header('Pragma: ');

    } else { // Do not cache files in proxies and browsers
        if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
-            header('Cache-Control: private, max-age=10');
+            header('Cache-Control: private, max-age=10, no-transform');
            header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
            header('Pragma: ');
        } else { //normal http - prevent caching at all cost
-            header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
+            header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0, no-transform');
            header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
            header('Pragma: no-cache');
        }
--- a/lib/tests/filelib_test.php
+++ b/lib/tests/filelib_test.php
@ -677,7 +677,7 @@ Connection: close
 HTTP/1.0 200 OK
 Server: Apache
 X-Lb-Nocache: true
-Cache-Control: private, max-age=15
+Cache-Control: private, max-age=15, no-transform
 ETag: "4d69af5d8ba873ea9192c489e151bd7b"
 Content-Type: text/html
 Date: Thu, 08 Dec 2011 14:44:53 GMT
@ -693,7 +693,7 @@ EOF;
 HTTP/1.0 200 OK
 Server: Apache
 X-Lb-Nocache: true
-Cache-Control: private, max-age=15
+Cache-Control: private, max-age=15, no-transform
 ETag: "4d69af5d8ba873ea9192c489e151bd7b"
 Content-Type: text/html
 Date: Thu, 08 Dec 2011 14:44:53 GMT
--- a/lib/weblib.php
+++ b/lib/weblib.php
@ -2034,13 +2034,13 @@ function send_headers($contenttype, $cacheable = true) {

    if ($cacheable) {
        // Allow caching on "back" (but not on normal clicks).
-        @header('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
+        @header('Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform');
        @header('Pragma: no-cache');
        @header('Expires: ');
    } else {
        // Do everything we can to always prevent clients and proxies caching.
        @header('Cache-Control: no-store, no-cache, must-revalidate');
-        @header('Cache-Control: post-check=0, pre-check=0', false);
+        @header('Cache-Control: post-check=0, pre-check=0, no-transform', false);
        @header('Pragma: no-cache');
        @header('Expires: Mon, 20 Aug 1969 09:23:00 GMT');
        @header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
--- a/theme/image.php
+++ b/theme/image.php
@ -111,7 +111,7 @@ if ($rev > 0) {
            $mimetype = get_contenttype_from_ext($ext);
            header('HTTP/1.1 304 Not Modified');
            header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
-            header('Cache-Control: public, max-age='.$lifetime);
+            header('Cache-Control: public, max-age='.$lifetime.', no-transform');
            header('Content-Type: '.$mimetype);
            header('Etag: "'.$etag.'"');
            die;
@ -217,7 +217,7 @@ function send_cached_image($imagepath, $etag) {
    header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT');
    header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
    header('Pragma: ');
-    header('Cache-Control: public, max-age='.$lifetime);
+    header('Cache-Control: public, max-age='.$lifetime.', no-transform');
    header('Accept-Ranges: none');
    header('Content-Type: '.$mimetype);
    header('Content-Length: '.filesize($imagepath));
--- a/theme/yui_image.php
+++ b/theme/yui_image.php
@ -98,7 +98,7 @@ if (strpos($path, '/-1/') === false and (!empty($_SERVER['HTTP_IF_NONE_MATCH'])
    header('HTTP/1.1 304 Not Modified');
    header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT');
    header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
-    header('Cache-Control: public, max-age='.$lifetime);
+    header('Cache-Control: public, max-age='.$lifetime.', no-transform');
    header('Content-Type: '.$mimetype);
    header('Etag: "'.$etag.'"');
    die;
@ -117,7 +117,7 @@ function yui_image_cached($imagepath, $imagename, $mimetype, $etag) {
    header('Last-Modified: '. gmdate('D, d M Y H:i:s', filemtime($imagepath)) .' GMT');
    header('Expires: '. gmdate('D, d M Y H:i:s', time() + $lifetime) .' GMT');
    header('Pragma: ');
-    header('Cache-Control: public, max-age=315360000');
+    header('Cache-Control: public, max-age=315360000, no-transform');
    header('Accept-Ranges: none');
    header('Content-Type: '.$mimetype);
    header('Content-Length: '.filesize($imagepath));