Fix #5315: "Expires: -1" HTTP header not strictly RFC valid

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 94c09a8..5dcfbfb 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -130,6 +130,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * Improvements to update scripts; print out the version, check for superuser credentials
   before attempting a connection, and produce a friendlier error if the connection fails
 * (bug 5005): Fix XHTML <gallery> output.
+* (bug 5315) "Expires: -1" HTTP header made strictly valid (using 1970 date).
 
 == Compatibility ==
 

diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 4aecedb..d6e653a 100644 (file)
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -445,7 +445,7 @@ class OutputPage {
                                # We do want clients to cache if they can, but they *must* check for updates
                                # on revisiting the page.
                                wfDebug( "** private caching; {$this->mLastModified} **\n", false );
-                               header( "Expires: -1" );
+                               header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', 0 ) . ' GMT' );
                                header( "Cache-Control: private, must-revalidate, max-age=0" );
                        }
                        if($this->mLastModified) header( "Last-modified: {$this->mLastModified}" );
@@ -454,7 +454,7 @@ class OutputPage {
 
                        # In general, the absence of a last modified header should be enough to prevent
                        # the client from using its cache. We send a few other things just to make sure.
-                       header( 'Expires: -1' );
+                       header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', 0 ) . ' GMT' );
                        header( 'Cache-Control: no-cache, no-store, max-age=0, must-revalidate' );
                        header( 'Pragma: no-cache' );
                }