[BUGFIX] Send no-cache headers in t3lib_userauth
authorAlexander Stehlik <alexander.stehlik@googlemail.com>
Fri, 1 Apr 2011 17:32:21 +0000 (19:32 +0200)
committerSteffen Ritter <info@rs-websystems.de>
Wed, 7 Mar 2012 07:24:27 +0000 (08:24 +0100)
Adjust headers sent by t3lib_userauth to prevent caching, if
Internet Explorer is used when downloading files through PHP.

Change-Id: I94a3f1b7f05e15cef23519f76127114251a3eabc
Fixes: #24125
Releases: 4.4, 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/4193
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Stefan Neufeind
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
t3lib/class.t3lib_userauth.php

index f689293..3802b74 100644 (file)
@@ -211,8 +211,25 @@ abstract class t3lib_userAuth {
                if ($this->sendNoCacheHeaders) {
                        header('Expires: 0');
                        header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
-                       header('Cache-Control: no-cache, must-revalidate');
-                       header('Pragma: no-cache');
+
+                       $cacheControlHeader = 'no-cache, must-revalidate';
+                       $pragmaHeader = 'no-cache';
+
+                               // Prevent error message in IE when using a https connection
+                               // see http://forge.typo3.org/issues/24125
+                       $clientInfo = t3lib_div::clientInfo();
+                       if (($clientInfo['BROWSER'] === 'msie') && t3lib_div::getIndpEnv('TYPO3_SSL')) {
+
+                                               // Some IEs can not handle no-cache
+                                               // see http://support.microsoft.com/kb/323308/en-us
+                                       $cacheControlHeader = 'must-revalidate';
+
+                                               // IE needs "Pragma: private" if SSL connection
+                                       $pragmaHeader = 'private';
+                       }
+
+                       header('Cache-Control: ' . $cacheControlHeader);
+                       header('Pragma: ' . $pragmaHeader);
                }
 
                        // Check to see if anyone has submitted login-information and if so register the user with the session. $this->user[uid] may be used to write log...