PITS /

01191: HandleDownload should respect EnableIMSCaching

Summary: HandleDownload should respect EnableIMSCaching

Created: 2010-05-10 04:43

Status: Closed - added for 2.2.17

Category: Bug

From: Eemeli Aro

Assigned:

Priority: 5

Version: 2.2.x

Description: Setting the $EnableIMSCaching variable should also enable the caching of attached files. Currently, if $EnableDirectDownload is disabled, all requests for attachments will be replied to with the full file, even if a 304 Not modified reply would be valid.

To fix this, the following patch is required in upload.php:

--- scripts/upload.php	2010-05-10 10:18:32.000000000 +0300
+++ scripts/upload.php	2010-05-10 12:50:07.000000000 +0300
@@ -176,5 +176,5 @@
 function HandleDownload($pagename, $auth = 'read') {
-  global $UploadFileFmt, $UploadExts, $DownloadDisposition;
+  global $UploadFileFmt, $UploadExts, $DownloadDisposition, $EnableIMSCaching;
   SDV($DownloadDisposition, "inline");
   UploadAuth($pagename, $auth);
   $upname = MakeUploadName($pagename, @$_REQUEST['upname']);
@@ -184,6 +184,14 @@
     Abort("?requested file not found");
     exit();
   }
+  if (IsEnabled($EnableIMSCaching, 0)) {
+    header('Cache-Control: ');
+    header('Expires: ');
+    $filelastmod = gmdate('D, d M Y H:i:s \G\M\T', filemtime($filepath));
+    if (@$_SERVER['HTTP_IF_MODIFIED_SINCE'] == $filelastmod)
+      { header("HTTP/1.0 304 Not Modified"); exit(); }
+    header("Last-Modified: $filelastmod");
+  }
   preg_match('/\\.([^.]+)$/',$filepath,$match); 
   if ($UploadExts[@$match[1]]) 
     header("Content-Type: {$UploadExts[@$match[1]]}");

Do we want to use header('Cache-Control: no-cache'); to prevent proxies and caches to store the protected file? --Petko May 27, 2010, at 03:46 PM

Could do. header('Cache-Control: private'); is a little bit more lenient and sounds like a more appropriate response, but no-cache would be fine as well. —Eemeli Aro

Private added. Thanks! --Petko

Array ( [post_max_size] => 64M [$_POST keys] => [$_REQUEST keys] => n [$_SERVER] => Array ( [CONTEXT_DOCUMENT_ROOT] => /home/pmwiki/public_html [CONTEXT_PREFIX] => [DOCUMENT_ROOT] => /home/pmwiki/public_html [GATEWAY_INTERFACE] => CGI/1.1 [HTTPS] => on [HTTP_ACCEPT] => */* [HTTP_ACCEPT_ENCODING] => gzip, br, zstd, deflate [HTTP_HOST] => www.pmwiki.org [HTTP_REFERER] => https://www.pmwiki.org/PITS/01191 [HTTP_USER_AGENT] => Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) [HTTP_X_HTTPS] => 1 [PATH] => /bin:/usr/bin [PHP_INI_SCAN_DIR] => /opt/cpanel/ea-php70/root/etc:/opt/cpanel/ea-php70/root/etc/php.d:. [QUERY_STRING] => n=PITS%2f01191 [REDIRECT_HTTPS] => on [REDIRECT_QUERY_STRING] => n=PITS%2f01191 [REDIRECT_SCRIPT_URI] => https://www.pmwiki.org/wiki/PITS/01191 [REDIRECT_SCRIPT_URL] => /wiki/PITS/01191 [REDIRECT_SSL_TLS_SNI] => www.pmwiki.org [REDIRECT_STATUS] => 200 [REDIRECT_UNIQUE_ID] => afMR-O9BpHqJJvGp33pB-AAAAAY [REDIRECT_URL] => /wiki/PITS/01191 [REMOTE_ADDR] => 216.73.216.25 [REMOTE_PORT] => 33739 [REQUEST_METHOD] => GET [REQUEST_SCHEME] => https [REQUEST_URI] => /wiki/PITS/01191 [SCRIPT_FILENAME] => /home/pmwiki/public_html/index.php [SCRIPT_NAME] => /index.php [SCRIPT_URI] => https://www.pmwiki.org/wiki/PITS/01191 [SCRIPT_URL] => /wiki/PITS/01191 [SERVER_ADDR] => 23.254.203.248 [SERVER_ADMIN] => webmaster@pmwiki.org [SERVER_NAME] => www.pmwiki.org [SERVER_PORT] => 443 [SERVER_PROTOCOL] => HTTP/1.1 [SERVER_SIGNATURE] => [SERVER_SOFTWARE] => Apache [SSL_TLS_SNI] => www.pmwiki.org [TZ] => America/Los_Angeles [UNIQUE_ID] => afMR-O9BpHqJJvGp33pB-AAAAAY [PHP_SELF] => /index.php [REQUEST_TIME_FLOAT] => 1777537528.3584 [REQUEST_TIME] => 1777537528 [argv] => Array ( [0] => n=PITS%2f01191 ) [argc] => 1 ) )

01191: HandleDownload should respect EnableIMSCaching

See also