From: Bryan Davis Date: Wed, 24 Feb 2016 06:03:17 +0000 (-0700) Subject: Guard against allowing intermediate caching when cookies are present X-Git-Tag: 1.31.0-rc.0~7704^2 X-Git-Url: http://git.cyclocoop.org/%40spipnet%40?a=commitdiff_plain;h=8b413431d760ffa8b00a9478f14f5058f033ee7b;p=lhc%2Fweb%2Fwiklou.git Guard against allowing intermediate caching when cookies are present Output cache-control headers that disable intermediate caching even if OutputPage->mEnableClientCache is true when the response includes set-cookie headers as well. This change mirrors logic that has been in use on the Wikimedia Foundation production cluster's Varnish cache system for over 2 years to guard against accidentally caching backend responses which include Set-Cookie headers. Co-Author: Max Semenik Bug: T127993 Change-Id: I1a0d38a5b9dba754b91a7832371b3dc0df51bd5a
---
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 5d1d5d0cdf..dfab03ab3e 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -2213,8 +2213,12 @@ class OutputPage extends ContextSource {
 if ( $this->mEnableClientCache ) {
 if (
- $config->get( 'UseSquid' ) && !SessionManager::getGlobalSession()->isPersistent() &&
- !$this->isPrintable() && $this->mCdnMaxage != 0 && !$this->haveCacheVaryCookies()
+ $config->get( 'UseSquid' ) &&
+ !$response->hasCookies() &&
+ !SessionManager::getGlobalSession()->isPersistent() &&
+ !$this->isPrintable() &&
+ $this->mCdnMaxage != 0 &&
+ !$this->haveCacheVaryCookies()
 ) {
 if ( $config->get( 'UseESI' ) ) {
 # We'll purge the proxy cache explicitly, but require end user agents
diff --git a/includes/WebResponse.php b/includes/WebResponse.php
index c7d0a5bea8..458c2079e4 100644
--- a/includes/WebResponse.php
+++ b/includes/WebResponse.php
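Review bot: In includes/OutputPage.php the added `!$response->hasCookies()` test is evaluated once, when this condition runs, so a cookie queued later in the same request would still go out next to whatever cacheable headers this branch emits. The enclosing method starts and ends outside the hunk, so the ordering of cookie writes relative to this check cannot be confirmed from here. `$response` is also not assigned in the visible lines and has to be bound to the request's WebResponse before this point. I would record the limit beside the condition, e.g. `# Only cookies set before this point are seen; keep the CDN-side Set-Cookie rule as a backstop`.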
@@ -179,6 +179,16 @@ class WebResponse {
 public function clearCookie( $name, $options = [] ) {
 $this->setCookie( $name, '', time() - 31536000 /* 1 year */, $options );
 }
+
+ /**
+ * Checks whether this request is performing cookie operations
+ *
+ * @return bool
+ * @since 1.27
+ */
+ public function hasCookies() {
+ return (bool)self::$setCookies;
+ }
 }
 /**
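Review bot: `hasCookies()` in includes/WebResponse.php reflects only what is recorded in the static `self::$setCookies`, so a Set-Cookie header produced by another path (a direct `header()` or `setcookie()` call, PHP's own session cookie, or a subclass whose `setCookie()` does not write to that static) would not disable intermediate caching. Where that list is filled lies outside the hunk, so this is inferred rather than confirmed. Consider also scanning the headers already queued, e.g. `foreach ( headers_list() as $h ) { if ( stripos( $h, 'Set-Cookie:' ) === 0 ) { return true; } }`, before falling back to the static. The docblock should say "response" rather than "request" and mention that the state is static, so it is shared by every WebResponse instance in the process.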