From ba5c53e5c3894bcbbc33dfd3271583e44c35de25 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 09 Jun 2014 08:16:35 -0400
Subject: [PATCH] Send X-UA-Compatible as HTTP header instead of meta tag

---
 index.php                              |    1 +
 skins/classic/includes/links.html      |    1 -
 skins/larry/includes/links.html        |    1 -
 program/lib/Roundcube/rcube_output.php |   36 +++++++++++++++++++-----------------
 4 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/index.php b/index.php
index 3674db1..ae5df40 100644
--- a/index.php
+++ b/index.php
@@ -44,6 +44,7 @@
 
 // Make the whole PHP output non-cacheable (#1487797)
 $RCMAIL->output->nocacheing_headers();
+$RCMAIL->output->common_headers();
 
 // turn on output buffering
 ob_start();
diff --git a/program/lib/Roundcube/rcube_output.php b/program/lib/Roundcube/rcube_output.php
index 1907645..55a38b2 100644
--- a/program/lib/Roundcube/rcube_output.php
+++ b/program/lib/Roundcube/rcube_output.php
@@ -44,7 +44,6 @@
         $this->browser = new rcube_browser();
     }
 
-
     /**
      * Magic getter
      */
@@ -60,7 +59,6 @@
         return null;
     }
 
-
     /**
      * Setter for output charset.
      * To be specified in a meta tag and sent as http-header
@@ -72,7 +70,6 @@
         $this->charset = $charset;
     }
 
-
     /**
      * Getter for output charset
      *
@@ -82,7 +79,6 @@
     {
         return $this->charset;
     }
-
 
     /**
      * Set environment variable
@@ -94,7 +90,6 @@
     {
         $this->env[$name] = $value;
     }
-
 
     /**
      * Environment variable getter.
@@ -108,7 +103,6 @@
         return $this->env[$name];
     }
 
-
     /**
      * Delete all stored env variables and commands
      */
@@ -116,7 +110,6 @@
     {
         $this->env = array();
     }
-
 
     /**
      * Invoke display_message command
@@ -129,7 +122,6 @@
      */
     abstract function show_message($message, $type = 'notice', $vars = null, $override = true, $timeout = 0);
 
-
     /**
      * Redirect to a certain url.
      *
@@ -138,12 +130,10 @@
      */
     abstract function redirect($p = array(), $delay = 1);
 
-
     /**
      * Send output to the client.
      */
     abstract function send();
-
 
     /**
      * Send HTTP headers to prevent caching a page
@@ -156,9 +146,6 @@
 
         header("Expires: ".gmdate("D, d M Y H:i:s")." GMT");
         header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
-
-        // Request browser to disable DNS prefetching (CVE-2010-0464)
-        header("X-DNS-Prefetch-Control: off");
 
         // We need to set the following headers to make downloads work using IE in HTTPS mode.
         if ($this->browser->ie && rcube_utils::https_check()) {
@@ -178,14 +165,32 @@
      */
     public function future_expire_header($offset = 2600000)
     {
-        if (headers_sent())
+        if (headers_sent()) {
             return;
+        }
 
         header("Expires: " . gmdate("D, d M Y H:i:s", time()+$offset) . " GMT");
         header("Cache-Control: max-age=$offset");
         header("Pragma: ");
     }
 
+    /**
+     * Send browser compatibility/security/etc. headers
+     */
+    public function common_headers()
+    {
+        if (headers_sent()) {
+            return;
+        }
+
+        // Unlock IE compatibility mode
+        if ($this->browser->ie) {
+            header('X-UA-Compatible: IE=edge');
+        }
+
+        // Request browser to disable DNS prefetching (CVE-2010-0464)
+        header("X-DNS-Prefetch-Control: off");
+    }
 
     /**
      * Show error page and terminate script execution
@@ -199,7 +204,6 @@
         fputs(STDERR, "Error $code: $message\n");
         exit(-1);
     }
-
 
     /**
      * Create an edit field for inclusion on a form
@@ -253,7 +257,6 @@
         return $out;
     }
 
-
     /**
      * Convert a variable into a javascript object notation
      *
@@ -269,5 +272,4 @@
         // that's why we have @ here
         return @json_encode($input);
     }
-
 }
diff --git a/skins/classic/includes/links.html b/skins/classic/includes/links.html
index 2f6ef01..8ff57c2 100644
--- a/skins/classic/includes/links.html
+++ b/skins/classic/includes/links.html
@@ -1,4 +1,3 @@
-<meta http-equiv="X-UA-Compatible" content="IE=EDGE" />
 <link rel="index" href="$__comm_path" />
 <link rel="shortcut icon" href="/images/favicon.ico"/>
 <link rel="stylesheet" type="text/css" href="/common.css" />
diff --git a/skins/larry/includes/links.html b/skins/larry/includes/links.html
index ce9863a..a49e588 100644
--- a/skins/larry/includes/links.html
+++ b/skins/larry/includes/links.html
@@ -1,4 +1,3 @@
-<meta http-equiv="X-UA-Compatible" content="IE=EDGE" />
 <meta name="viewport" content="" id="viewport" />
 <link rel="shortcut icon" href="/images/favicon.ico"/>
 <link rel="stylesheet" type="text/css" href="/styles.css" />

--
Gitblit v1.9.1