diff options
author | webchick <webchick@24967.no-reply.drupal.org> | 2012-05-02 15:01:31 -0700 |
---|---|---|
committer | webchick <webchick@24967.no-reply.drupal.org> | 2012-05-02 15:01:31 -0700 |
commit | 9879d29f731570a34b24c4eae4cc8cb30c7a5082 (patch) | |
tree | b28fe3274dca5fb773ec91718f30a617b275fd2e /modules/image | |
parent | b1f01b20ea67f6494421765b17afa17394e7a4b0 (diff) | |
download | brdo-9879d29f731570a34b24c4eae4cc8cb30c7a5082.tar.gz brdo-9879d29f731570a34b24c4eae4cc8cb30c7a5082.tar.bz2 |
Drupal 7.13
Diffstat (limited to 'modules/image')
-rw-r--r-- | modules/image/image.module | 9 | ||||
-rw-r--r-- | modules/image/image.test | 15 |
2 files changed, 18 insertions, 6 deletions
diff --git a/modules/image/image.module b/modules/image/image.module index 066bd34d8..bca520e6f 100644 --- a/modules/image/image.module +++ b/modules/image/image.module @@ -297,12 +297,9 @@ function image_file_download($uri) { // Send headers describing the image's size, and MIME-type... 'Content-Type' => $info['mime_type'], 'Content-Length' => $info['file_size'], - // ...and allow the file to be cached for two weeks (matching the - // value we/ use for the mod_expires settings in .htaccess) and - // ensure that caching proxies do not share the image with other - // users. - 'Expires' => gmdate(DATE_RFC1123, REQUEST_TIME + 1209600), - 'Cache-Control' => 'max-age=1209600, private, must-revalidate', + // By not explicitly setting them here, this uses normal Drupal + // Expires, Cache-Control and ETag headers to prevent proxy or + // browser caching of private images. ); } } diff --git a/modules/image/image.test b/modules/image/image.test index 3b7f3e7d7..ff5083a3d 100644 --- a/modules/image/image.test +++ b/modules/image/image.test @@ -209,7 +209,22 @@ class ImageStylesPathAndUrlUnitTest extends DrupalWebTestCase { $this->assertEqual($this->drupalGetHeader('Content-Type'), $generated_image_info['mime_type'], t('Expected Content-Type was reported.')); $this->assertEqual($this->drupalGetHeader('Content-Length'), $generated_image_info['file_size'], t('Expected Content-Length was reported.')); if ($scheme == 'private') { + $this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', t('Expires header was sent.')); + $this->assertEqual($this->drupalGetHeader('Cache-Control'), 'no-cache, must-revalidate, post-check=0, pre-check=0', t('Cache-Control header was set to prevent caching.')); $this->assertEqual($this->drupalGetHeader('X-Image-Owned-By'), 'image_module_test', t('Expected custom header has been added.')); + // Verify access is denied to private image styles. + $this->drupalLogout(); + $this->drupalGet($generate_url); + $this->assertResponse(403, t('Confirmed that access is denied for the private image style.') ); + // Verify that images are not appended to the response. Currently this test only uses PNG images. + if (strpos($generate_url, '.png') === FALSE ) { + $this->fail( t('Confirming that private image styles are not appended require PNG file.') ); + } + else { + // Check for PNG-Signature (cf. http://www.libpng.org/pub/png/book/chapter08.html#png.ch08.div.2) in the + // response body. + $this->assertNoRaw( chr(137) . chr(80) . chr(78) . chr(71) . chr(13) . chr(10) . chr(26) . chr(10), t('No PNG signature found in the response body.') ); + } } } } |