• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Fixed [minor improment] ETag header should be quoted-string

#1
ETag HTTP header XF controller Attachment (Public & Admin) is just $attachment['attach_date'] without quotes.
Arcoding to RFC2612#sec3.11, this is not a valid ETag header.
This issue can be fixed by apply the following patches:

Left base folder: /xenforo_1.2.5_x_full.zip
Right base folder: /xf_modified
diff -r upload/library/XenForo/ControllerAdmin/Attachment.php upload/library/XenForo/ControllerAdmin/Attachment.php
187c187
< if ($eTag && $eTag == $attachment['attach_date'])
---
> if ($eTag && $eTag == '"'.$attachment['attach_date'].'"')

diff -r upload/library/XenForo/ControllerPublic/Attachment.php upload/library/XenForo/ControllerPublic/Attachment.php
40c40
< if ($eTag && $eTag == $attachment['attach_date'])
---
> if ($eTag && $eTag == '"'.$attachment['attach_date'].'"')

diff -r upload/library/XenForo/ViewAdmin/Attachment/View.php upload/library/XenForo/ViewAdmin/Attachment/View.php
35c35
< $this->_response->setHeader('ETag', $attachment['attach_date'], true);
---
> $this->_response->setHeader('ETag', '"'.$attachment['attach_date'].'"', true);

diff -r upload/library/XenForo/ViewPublic/Attachment/View.php upload/library/XenForo/ViewPublic/Attachment/View.php
34c34
< $this->_response->setHeader('ETag', $attachment['attach_date'], true);
---
> $this->_response->setHeader('ETag', '"'.$attachment['attach_date'].'"', true);
 
Last edited by a moderator: