[BUGFIX] Send no-cache headers in t3lib_userauth
authorAlexander Stehlik <alexander.stehlik@googlemail.com>
Fri, 1 Apr 2011 17:32:21 +0000 (19:32 +0200)
committerGeorg Ringer <mail@ringerge.org>
Sat, 10 Mar 2012 06:58:38 +0000 (07:58 +0100)
Adjust headers sent by t3lib_userauth to prevent caching, if
Internet Explorer is used when downloading files through PHP.

Change-Id: I94a3f1b7f05e15cef23519f76127114251a3eabc
Fixes: #24125
Releases: 4.4, 4.5, 4.6, 4.7, 4.8
Reviewed-on: http://review.typo3.org/6698
Reviewed-by: Stefan Neufeind
Reviewed-by: Sebastian Fischer
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
t3lib/class.t3lib_userauth.php

index 8455cdb..79ff8c8 100644 (file)
@@ -256,8 +256,25 @@ class t3lib_userAuth {
                if ($this->sendNoCacheHeaders) {
                        header('Expires: 0');
                        header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
-                       header('Cache-Control: no-cache, must-revalidate');
-                       header('Pragma: no-cache');
+
+                       $cacheControlHeader = 'no-cache, must-revalidate';
+                       $pragmaHeader = 'no-cache';
+
+                               // Prevent error message in IE when using a https connection
+                               // see http://forge.typo3.org/issues/24125
+                       $clientInfo = t3lib_div::clientInfo();
+                       if (($clientInfo['BROWSER'] === 'msie') && t3lib_div::getIndpEnv('TYPO3_SSL')) {
+
+                                               // Some IEs can not handle no-cache
+                                               // see http://support.microsoft.com/kb/323308/en-us
+                                       $cacheControlHeader = 'must-revalidate';
+
+                                               // IE needs "Pragma: private" if SSL connection
+                                       $pragmaHeader = 'private';
+                       }
+
+                       header('Cache-Control: ' . $cacheControlHeader);
+                       header('Pragma: ' . $pragmaHeader);
                }
 
                        // Check to see if anyone has submitted login-information and if so register the user with the session. $this->user[uid] may be used to write log...