Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.791
diff -u -r1.791 common.inc
--- includes/common.inc	8 Sep 2008 21:24:30 -0000	1.791
+++ includes/common.inc	9 Sep 2008 19:01:35 -0000
@@ -1716,7 +1716,7 @@
 
   $preprocess_css = (variable_get('preprocess_css', FALSE) && (!defined('MAINTENANCE_MODE') || MAINTENANCE_MODE != 'update'));
   $directory = file_directory_path();
-  $is_writable = is_dir($directory) && is_writable($directory) && (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) == FILE_DOWNLOADS_PUBLIC);
+  $is_writable = is_dir($directory) && is_writable($directory);
 
   // A dummy query-string is added to filenames, to gain control over
   // browser-caching. The string changes on every update or full cache
@@ -1817,6 +1817,12 @@
     // Create the CSS file.
     file_save_data($data, $csspath . '/' . $filename, FILE_EXISTS_REPLACE);
   }
+
+  // File download method is private, so use the system_load_css() callback
+  if (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) != FILE_DOWNLOADS_PUBLIC) {
+    return 'css-loader/'. $filename;
+  }
+
   return $csspath . '/' . $filename;
 }
 
Index: modules/system/system.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.admin.inc,v
retrieving revision 1.87
diff -u -r1.87 system.admin.inc
--- modules/system/system.admin.inc	6 Sep 2008 08:36:21 -0000	1.87
+++ modules/system/system.admin.inc	9 Sep 2008 19:07:27 -0000
@@ -1395,7 +1395,7 @@
   );
 
   $directory = file_directory_path();
-  $is_writable = is_dir($directory) && is_writable($directory) && (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) == FILE_DOWNLOADS_PUBLIC);
+  $is_writable = is_dir($directory) && is_writable($directory);
   $form['bandwidth_optimizations']['preprocess_css'] = array(
     '#type' => 'radios',
     '#title' => t('Optimize CSS files'),
Index: modules/system/system.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.module,v
retrieving revision 1.617
diff -u -r1.617 system.module
--- modules/system/system.module	6 Sep 2008 08:36:21 -0000	1.617
+++ modules/system/system.module	9 Sep 2008 19:08:25 -0000
@@ -647,6 +647,16 @@
     'access arguments' => array('administer site configuration'),
     'type' => MENU_CALLBACK,
   );
+
+  if (variable_get('preprocess_css', TRUE) && variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) != FILE_DOWNLOADS_PUBLIC) {
+    $items[] = array(
+      'path' => 'css-loader',
+      'title' => t('CSS Loader'),
+      'callback' => 'system_load_css',
+      'access' => TRUE,
+      'type' => MENU_CALLBACK);
+  }
+
   // Default page for batch operations
   $items['batch'] = array(
     'page callback' => 'system_batch_page',
@@ -2116,3 +2126,18 @@
 function system_image_toolkits() {
   return array('gd');
 }
+
+/**
+ * Output an aggregated CSS file when file download method is private
+ */
+function system_load_css($file=NULL) {
+  // Be very strict about what filenames are allowed, to avoid attacks
+  if (isset($file) && preg_match('/^[a-f0-9]{32}\.css$/', $file)) {
+    $filepath = 'css/'. $file;
+    if (file_exists(file_create_path($filepath))) {
+      file_transfer($filepath, array('Content-type: text/css'));
+    }
+    return drupal_not_found();
+  }
+  return drupal_access_denied();
+}
\ No newline at end of file