Security update for Core, with self-updated composer

[yaffs-website] / web / core / lib / Drupal / Core / Cache / Context / HeadersCacheContext.php

diff --git a/web/core/lib/Drupal/Core/Cache/Context/HeadersCacheContext.php b/web/core/lib/Drupal/Core/Cache/Context/HeadersCacheContext.php
index 0a9ac0a86e79fca836af85f2ec6cd8adba458e3c..71db8e64c78c64271839236f69fc95556e858687 100644 (file)
--- a/web/core/lib/Drupal/Core/Cache/Context/HeadersCacheContext.php
+++ b/web/core/lib/Drupal/Core/Cache/Context/HeadersCacheContext.php
@@ -25,11 +25,28 @@ class HeadersCacheContext extends RequestStackCacheContextBase implements Calcul
    */
   public function getContext($header = NULL) {
     if ($header === NULL) {
-      return $this->requestStack->getCurrentRequest()->headers->all();
+      $headers = $this->requestStack->getCurrentRequest()->headers->all();
+      // Order headers by name to have less cache variations.
+      ksort($headers);
+      $result = '';
+      foreach ($headers as $name => $value) {
+        if ($result) {
+          $result .= '&';
+        }
+        // Sort values to minimize cache variations.
+        sort($value);
+        $result .= $name . '=' . implode(',', $value);
+      }
+      return $result;
     }
-    else {
-      return $this->requestStack->getCurrentRequest()->headers->get($header);
+    elseif ($this->requestStack->getCurrentRequest()->headers->has($header)) {
+      $value = $this->requestStack->getCurrentRequest()->headers->get($header);
+      if ($value !== '') {
+        return $value;
+      }
+      return '?valueless?';
     }
+    return '';
   }
 
   /**