- Patch #147310 by c960657: added tests for private files, fixed a problem with private files and minor improvements.

includes/bootstrap.inc

@@ -768,25 +768,25 @@ function drupal_set_header($name = NULL, $value = NULL, $append = FALSE) {
   // Save status codes using the special key ":status".
   if (preg_match('/^\d{3} /', $name)) {
     $value = $name;
-    $name = ':status';
+    $name = $name_lower = ':status';
   }
   else {
-    _drupal_set_preferred_header_name($name);
-    $name = strtolower($name);
+    $name_lower = strtolower($name);
   }
+  _drupal_set_preferred_header_name($name);
 
   if (!isset($value)) {
-    $headers[$name] = FALSE;
+    $headers[$name_lower] = FALSE;
   }
-  elseif (isset($headers[$name]) && $append) {
+  elseif (isset($headers[$name_lower]) && $append) {
     // Multiple headers with identical names may be combined using comma (RFC
     // 2616, section 4.2).
-    $headers[$name] .= ',' . $value;
+    $headers[$name_lower] .= ',' . $value;
   }
   else {
-    $headers[$name] = $value;
+    $headers[$name_lower] = $value;
   }
-  drupal_send_headers(array($name => $headers[$name]), TRUE);
+  drupal_send_headers(array($name => $headers[$name_lower]), TRUE);
 }
 
 /**

includes/common.inc

@@ -3027,8 +3027,14 @@ function page_set_cache() {
       'data' => ob_get_clean(),
       'expire' => CACHE_TEMPORARY,
       'created' => REQUEST_TIME,
-      'headers' => drupal_get_header(),
+      'headers' => array(),
     );
+    // Restore preferred header names based on the lower-case names returned
+    // by drupal_get_header().
+    $header_names = _drupal_set_preferred_header_name();
+    foreach (drupal_get_header() as $name_lower => $value) {
+      $cache->headers[$header_names[$name_lower]] = $value;
+    }
     if (variable_get('page_compression', TRUE) && function_exists('gzencode')) {
       // We do not store the data in case the zlib mode is deflate. This should
       // be rarely happening.

modules/system/system.api.php

@@ -1249,8 +1249,8 @@ function hook_file_download($filepath) {
       return -1;
     }
     return array(
-      'Content-Type: ' . $file->filemime,
-      'Content-Length: ' . $file->filesize,
+      'Content-Type' => $file->filemime,
+      'Content-Length' => $file->filesize,
     );
   }
 }

modules/upload/upload.module

@@ -156,8 +156,8 @@ function upload_file_download($filepath) {
 
   if ($file && user_access('view uploaded files') && ($node = node_load($file->nid)) && node_access('view', $node)) {
     return array(
-      'Content-Type: ' . $file->filemime,
-      'Content-Length: ' . $file->filesize,
+      'Content-Type' => $file->filemime,
+      'Content-Length' => $file->filesize,
     );
   }
   else {

modules/upload/upload.test

@@ -51,6 +51,11 @@ class UploadTestCase extends DrupalWebTestCase {
     $this->checkUploadedFile(basename($files[0]));
     $this->checkUploadedFile(basename($files[1]));
 
+    // Check that files are also accessible when using private files.
+    variable_set('file_downloads', FILE_DOWNLOADS_PRIVATE);
+    $this->checkUploadedFile(basename($files[0]));
+    $this->checkUploadedFile(basename($files[1]));
+
     // Assure that the attachment link appears on teaser view and has correct count.
     $node = node_load($node->nid);
     $teaser = drupal_render(node_build($node, TRUE));
@@ -195,9 +200,10 @@ class UploadTestCase extends DrupalWebTestCase {
    */
   function checkUploadedFile($filename) {
     global $base_url;
-    $file = realpath(file_directory_path() . '/' . $filename);
-    $this->drupalGet($base_url . '/' . file_directory_path() . '/' . $filename, array('external' => TRUE));
+    $file = file_directory_path() . '/' . $filename;
+    $this->drupalGet(file_create_url($file), array('external' => TRUE));
     $this->assertResponse(array(200), 'Uploaded ' . $filename . ' is accessible.');
+    $this->assertTrue(strpos($this->drupalGetHeader('Content-Type'), 'text/plain') === 0, t('MIME type is text/plain.'));
     $this->assertEqual(file_get_contents($file), $this->drupalGetContent(), 'Uploaded contents of ' . $filename . ' verified.');
     // Verify file actually is readable and writeable by PHP.
     $this->assertTrue(is_readable($file), t('Uploaded file is readable.'));

modules/user/user.module

@@ -814,7 +814,7 @@ function user_perm() {
 function user_file_download($filepath) {
   if (strpos($filepath, variable_get('user_picture_path', 'pictures') . '/picture-') === 0) {
     $info = image_get_info(file_create_path($filepath));
-    return array('Content-type: ' . $info['mime_type']);
+    return array('Content-Type' => $info['mime_type']);
   }
 }
 

sites/default/default.settings.php

@@ -275,6 +275,25 @@ $conf = array(
 #   'reverse_proxy_addresses' => array('a.b.c.d', ...), // Leave the comma here.
 );
 
+/**
+ * Page caching:
+ *
+ * By default, Drupal sends a "Vary: Cookie" HTTP header for anonymous page
+ * views. This tells a HTTP proxy that it may return a page from its local
+ * cache without contacting the web server, if the user sends the same Cookie
+ * header as the user who originally requested the cached page. Without "Vary:
+ * Cookie", authenticated users would also be served the anonymous page from
+ * the cache. If the site has mostly anonymous users except a few known
+ * editors/administrators, the Vary header can be omitted. This allows for
+ * better caching in HTTP proxies (including reverse proxies), i.e. even if
+ * clients send different cookies, they still get content served from the cache
+ * if aggressive caching is enabled and the minimum cache time is non-zero.
+ * However, authenticated users should access the site directly (i.e. not use an
+ * HTTP proxy, and bypass the reverse proxy if one is used) in order to avoid
+ * getting cached pages from the proxy.
+ */
+# $conf['omit_vary_cookie'] = TRUE;
+
 /**
  * String overrides:
  *