Edit report at http://bugs.php.net/bug.php?id=54114&edit=1
ID: 54114
Comment by: neweracracker at gmail dot com
Reported by: danhstevens at gmail dot com
Summary: Output Buffer Dumps Data On Error
Status: Open
Type: Bug
Package: Output Control
Operating System: all
PHP Version: 5.3.5
Block user comment: N
Private report: N
New Comment:
I've managed to reproduce this in Windows 7 running php 5.2.17 (with
php.ini-dist) and php 5.3.5 (with php.ini-development).
Here is my test script:
<?php
set_time_limit(1);
ob_start();
echo "You shouldn't see this!";
sleep(2); //comment this and you won't see the line above in output ;)
ob_end_clean();
?>
I've reported this as bug #54174, which got closed due to being a dupe of
this one, so I am leaving this comment here for reference purposes.
Regards,
NewEraCracker.
Previous Comments:
------------------------------------------------------------------------
[2011-02-28 21:40:36] danhstevens at gmail dot com
Hi Rasmus,
I was still able to create the problem by calling on a non-existing
class to create a fatal error. Here is a variation of your code:
<?php
function eh($errno, $errstr, $errfile, $errline) {
    $contents = ob_get_contents();
    ob_end_clean();
    echo "Error: $errno, $errstr, $errfile, $errline\n";
}
set_error_handler('eh');
ob_start();
echo 123;
// Calling a method on a class that does not exist produces a fatal error,
// which the handler installed with set_error_handler() cannot intercept.
nonExistantClass::nonExistantMethod();
echo "After error\n";
Output is:
123
Fatal error: Class 'nonExistantClass' not found in ...
Hopefully the above should more accurately illustrate the issue.
------------------------------------------------------------------------
[2011-02-28 19:37:32] [email protected]
I am unable to reproduce this. My test script:
<?php
function eh($errno, $errstr, $errfile, $errline) {
$contents = ob_get_contents();
ob_end_clean();
echo "Error: $errno, $errstr, $errfile, $errline\n";
}
set_error_handler('eh');
ob_start();
echo 123;
trigger_error('test error', E_USER_ERROR);
echo "After error\n";
And my output is:
Error: 256, test error, /var/www/testing/o.php, 10
After error
No sign of "123" there.
------------------------------------------------------------------------
[2011-02-28 07:43:46] danhstevens at gmail dot com
Description:
------------
When output buffering is turned on (via ob_start()) and an error is
encountered before ob_end_* is called, the entire contents of the
output buffer are dumped (to STDOUT), and there appears to be no way
to prevent the buffer from dumping - not even by setting an error
handler, etc.
This is a security issue since the output buffer may contain sensitive
information that is then dumped over to the user. Using
set_error_handler does not stop the dump - it appears the dump simply
happens with no way to intercept or prevent it.
Test script:
---------------
<?php
ob_start();
echo 123;
trigger_error('test error', E_USER_ERROR);
$contents = ob_get_contents();
ob_end_clean();
?>
Expected result:
----------------
(no output)
Actual result:
--------------
123
Fatal error: test error in ...
------------------------------------------------------------------------
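The description above notes that set_error_handler() cannot stop the buffer from being flushed after a fatal error. As an added mitigation example (not code from the bug report or from PHP itself): a handler registered with register_shutdown_function() that discards every open buffer when the request ends in a fatal error. It assumes that shutdown functions run before the engine flushes output buffers at request end; the function name discard_buffers_on_fatal and the "secret" output line are constructed for the demonstration.

```php
<?php
// Added example, not from the bug report: discard buffered output when the
// request dies with a fatal error, instead of letting the engine flush it.
// Assumption: shutdown functions run before output buffers are flushed.

function discard_buffers_on_fatal()
{
    $err = error_get_last();
    if ($err === null) {
        return; // clean exit: let the buffers flush normally
    }
    $fatal = E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR
           | E_USER_ERROR | E_RECOVERABLE_ERROR;
    if (($err['type'] & $fatal) === 0) {
        return; // last error was non-fatal; nothing to suppress
    }
    // Throw away every nested buffer so none of it reaches the client.
    // The engine's own "Fatal error: ..." line, if display_errors is on,
    // was written into the buffer and is discarded with it.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }
    // Keep the detail server-side; send the user only a generic message.
    error_log(sprintf('fatal error %d: %s in %s on line %d',
        $err['type'], $err['message'], $err['file'], $err['line']));
    if (!headers_sent()) {
        header('HTTP/1.1 500 Internal Server Error');
    }
    echo "An internal error occurred.\n";
}

register_shutdown_function('discard_buffers_on_fatal');

ob_start();
echo "secret: constructed sensitive value\n"; // must never reach the user
trigger_error('test error', E_USER_ERROR);    // same trigger as the report
echo "After error\n";                         // never reached
ob_end_clean();                               // never reached either
```

Keep log_errors enabled when using this, since the discarded buffer also contained the engine's displayed error text and error_log() is then the only record of what failed.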