Make WordPress Core

Opened 7 years ago

Closed 6 years ago

#22160 closed defect (bug) (worksforme)

Etags served by ms-files.php not specific enough

Reported by: xiffy Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.3.2
Component: Multisite Keywords: has-patch
Focuses: Cc:
PR Number:


Today I was tracking an Etag issue we had where different versions of images uploaded to wordpress had the same etags. I first looked at apache and reconfigured it to serve filesize mtime etags. To no avail.
When investigating further i discovered that uploaded files get an etag from ms-files.php (line 57)

$etag = '"' . md5( $last_modified ) . '"';

which to my humble opinion should be something like:

$etag = '"' . md5( $last_modified . filesize($file)) . '"';

that way, images of different formats, created at upload time, which share the same mtime on a fast machine still get different etags.

Attachments (1)

etag-with-filesize.diff (546 bytes) - added by wonderboymusic 7 years ago.

Download all attachments as: .zip

Change History (9)

#1 @SergeyBiryukov
7 years ago

  • Component changed from Media to Multisite

Related: #19235

#2 @wonderboymusic
7 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to Future Release

sure why not - patch attached

#3 @wonderboymusic
7 years ago

  • Milestone changed from Future Release to 3.6

#4 @wonderboymusic
6 years ago

  • Milestone changed from 3.6 to Future Release

#5 follow-up: @wonderboymusic
6 years ago

  • Milestone changed from Future Release to 3.7

This is an easy fix, unless someone thinks it's useless

#7 in reply to: ↑ 5 @nacin
6 years ago

Replying to wonderboymusic:

This is an easy fix, unless someone thinks it's useless

It appears useless.

Entity tags are only unique to the resource. Two different images on different URIs having the same entity tag is meaningless. Per RFC 2616, section 3.11:

An entity tag MUST be unique across all versions of all entities associated with a particular resource. A given entity tag value MAY be used for entities obtained by requests on different URIs. The use of the same entity tag value in conjunction with entities obtained by requests on different URIs does not imply the equivalence of those entities.

#8 @nacin
6 years ago

  • Milestone 3.7 deleted
  • Resolution set to worksforme
  • Status changed from new to closed

This would be valid only if a single image could be updated in under one second from its previous update or point of creation, thus being a new version of the resource that goes undetected by filemtime(). But there is also no guarantee that such a changed image would have a different size.

This does not seem like something ms-files.php needs to address. Not only is ms-files.php no longer the preferred method of serving files, but this will suddenly invalidate all existing multisite asset caches on upgrade, for apparently no reason. Closing as worksforme pending further feedback.

Note: See TracTickets for help on using tickets.