From 5c72eb294ab1527b8da1b261cfbffeeb7ff98c9f Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Wed, 3 Dec 2008 14:51:53 +0000
Subject: - Patch #327269 by c960657: when drupal_page_cache_header() compares
 the client's If-Modified-Since header to $cache->created, it assumed a
 certain date format.  However, HTTP/1.1 allows several variations of the date
 format, i.e. the same time may be represented in slightly different ways. If
 the client sends the date in a different format than the one generated by
 Drupal, it would never receive a 304 Not Modified response.  Also added a
 good amount of tests for the drupal_page_cache_header() code.

---
 includes/bootstrap.inc | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

(limited to 'includes/bootstrap.inc')

diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 59fb3f039..1f3db1aa3 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -730,17 +730,16 @@ function drupal_page_header() {
  *
  */
 function drupal_page_cache_header($cache) {
-  // Set default values:
-  $last_modified = gmdate('D, d M Y H:i:s', $cache->created) . ' GMT';
-  $etag = '"' . md5($last_modified) . '"';
+  // Create entity tag based on cache update time.
+  $etag = '"' . md5($cache->created) . '"';
 
-  // See if the client has provided the required HTTP headers:
-  $if_modified_since = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? stripslashes($_SERVER['HTTP_IF_MODIFIED_SINCE']) : FALSE;
+  // See if the client has provided the required HTTP headers.
+  $if_modified_since = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) : FALSE;
   $if_none_match = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) : FALSE;
 
   if ($if_modified_since && $if_none_match
       && $if_none_match == $etag // etag must match
-      && $if_modified_since == $last_modified) {  // if-modified-since must match
+      && $if_modified_since == $cache->created) {  // if-modified-since must match
     header($_SERVER['SERVER_PROTOCOL'] . ' 304 Not Modified');
     // All 304 responses must send an etag if the 200 response for the same object contained an etag
     header("Etag: $etag");
@@ -748,7 +747,7 @@ function drupal_page_cache_header($cache) {
   }
 
   // Send appropriate response:
-  header("Last-Modified: $last_modified");
+  header("Last-Modified: " . gmdate(DATE_RFC1123, $cache->created));
   header("ETag: $etag");
 
   // The following headers force validation of cache:
-- 
cgit v1.2.3