From: Rob Church <robchurch@users.mediawiki.org>
Date: Mon, 1 Jan 2007 02:04:15 +0000 (+0000)
Subject: * Do not allow previews of deleted images to be cached
X-Git-Tag: 1.31.0-rc.0~54709
X-Git-Url: http://git.cyclocoop.org/url?a=commitdiff_plain;h=3a65f760167a05b999820f77f06340473ddc3fca;p=lhc%2Fweb%2Fwiklou.git

* Do not allow previews of deleted images to be cached
* I've done this with a Cache-Control: no-cache header() call within UndeleteForm::showFile(), but I would appreciate a review to be sure this is the best method. It's possible for an administrator to preview a deleted image, and for this response to be cached such that a user without appropriate permissions can then access the preview.
---

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a2d86f72ef..a958171e19 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -442,7 +442,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
   if possible (should not happen, though, outside interwiki transclusion... and
   maybe not even then, but it does)
 * (bug 8447) Fix SQL typo breaking non-default $wgHitcounterUpdateFreq
-
+* Do not allow previews of deleted images to be cached
 
 == Languages updated ==
 
diff --git a/includes/SpecialUndelete.php b/includes/SpecialUndelete.php
index d390ed65ad..e471344070 100644
--- a/includes/SpecialUndelete.php
+++ b/includes/SpecialUndelete.php
@@ -578,6 +578,11 @@ class UndeleteForm {
 		global $wgOut;
 		$wgOut->disable();
 		
+		# We mustn't allow the output to be Squid cached, otherwise
+		# if an admin previews a deleted image, and it's cached, then
+		# a user without appropriate permissions can toddle off and
+		# nab the image, and Squid will serve it
+		header( 'Cache-Control: no-cache' );			
 		$store = FileStore::get( 'deleted' );
 		$store->stream( $key );
 	}