Edit report at http://bugs.php.net/bug.php?id=54114&edit=1

 ID:                 54114
 User updated by:    danhstevens at gmail dot com
 Reported by:        danhstevens at gmail dot com
 Summary:            Output Buffer Dumps Data On Error
-Status:             Feedback
+Status:             Open
 Type:               Bug
 Package:            Output Control
 Operating System:   all
 PHP Version:        5.3.5
 Block user comment: N
 Private report:     N

 New Comment:

Hi Rasmus,

I was still able to create the problem by calling on a non-existing
class to create a fatal error. Here is a variation of your code:



<?php
// Same handler as in your script: read the buffer, discard it, report the error.
function eh($errno, $errstr, $errfile, $errline) {
  $contents = ob_get_contents();
  ob_end_clean();
  echo "Error: $errno, $errstr, $errfile, $errline\n";
}
set_error_handler('eh');

ob_start();
echo 123;
// Fatal error (E_ERROR) instead of E_USER_ERROR; set_error_handler() callbacks
// are not invoked for E_ERROR.
nonExistantClass::nonExistantMethod();
echo "After error\n";



Output is:

123

Fatal error: Class 'nonExistantClass' not found in ...



Hopefully the above should more accurately illustrate the issue.
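A mitigation for the behaviour discussed in this thread, added here as an example (it is not code from the report or from PHP's own sources): set_error_handler() callbacks are never invoked for fatal errors such as E_ERROR, but a function registered with register_shutdown_function() does run after a fatal error, and PHP flushes the remaining output buffers only after the shutdown functions have returned, so the buffers can still be discarded at that point. The function name discardOutputOnFatalError and the "secret-token-123" sample output are constructed for the example; the nonExistantClass call is the reproduction from the comment above.

```php
<?php
// Added example (not from the bug report): discard buffered output when the
// request ends in a fatal error, so the buffer never reaches the client.
//
// set_error_handler() is not called for E_ERROR, which is why the handler in
// the report cannot intercept the dump. A shutdown function does run after a
// fatal error, and PHP flushes the remaining output buffers only after the
// shutdown functions have returned, so the buffers can still be discarded here.

// Error types that abort the script and would otherwise flush the buffer.
define('FATAL_ERROR_TYPES',
    E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR | E_RECOVERABLE_ERROR);

// Hypothetical name; registered below with register_shutdown_function().
function discardOutputOnFatalError()
{
    $error = error_get_last();
    if ($error === null || !($error['type'] & FATAL_ERROR_TYPES)) {
        return; // normal shutdown: let the buffered output flush as usual
    }

    // Drop every nested buffer; ob_end_clean() only removes the innermost one.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }

    // Keep the details server-side; the client only gets a generic message.
    error_log(sprintf('Fatal error %d: %s in %s on line %d',
        $error['type'], $error['message'], $error['file'], $error['line']));

    if (!headers_sent()) {
        header('HTTP/1.1 500 Internal Server Error');
    }
    echo "An internal error occurred.\n";
}
register_shutdown_function('discardOutputOnFatalError');

// Belt and braces: stop the engine from writing the error text into the
// response at all, and send it to the error log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

ob_start();
echo "secret-token-123\n";             // constructed sensitive data in the buffer
nonExistantClass::nonExistantMethod(); // fatal error, as in the report above
echo "After error\n";                  // never reached
```

Run it and the client sees only "An internal error occurred."; the buffered "secret-token-123" and the engine's own error text (which is also written into the active buffer when display_errors is on) are both dropped by the ob_end_clean() loop, while the file and line end up in the error log.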


Previous Comments:
------------------------------------------------------------------------
[2011-02-28 19:37:32] ras...@php.net

I am unable to reproduce this.  My test script:

<?php
// Custom error handler: read the buffer, discard it, report the error instead.
function eh($errno, $errstr, $errfile, $errline) {
  $contents = ob_get_contents();
  ob_end_clean();
  echo "Error: $errno, $errstr, $errfile, $errline\n";
}
set_error_handler('eh');

ob_start();
echo 123;
// E_USER_ERROR is passed to the handler, so eh() cleans the buffer and the
// script continues.
trigger_error('test error', E_USER_ERROR);
echo "After error\n";





And my output is:

Error: 256, test error, /var/www/testing/o.php, 10
After error

No sign of "123" there.

------------------------------------------------------------------------
[2011-02-28 07:43:46] danhstevens at gmail dot com

Description:
------------
When output buffering is turned on (via ob_start()) and an error is
encountered before ob_end_* is called, the entire contents of
the output buffer is dumped (to STDOUT) and there appears to be no way
to prevent the buffer from dumping - not even by setting an error
handler, etc.

This is a security issue since the output buffer may contain sensitive
information that is then dumped over to the user. Using
set_error_handler does not stop the dump - it appears the dump simply
happens with no way to intercept or prevent it.

Test script:
---------------
<?php
ob_start();
echo 123;
// Fatal error raised while "123" is still sitting in the buffer.
trigger_error('test error', E_USER_ERROR);
// Never reached: the script stops at the error and the buffer is flushed.
$contents = ob_get_contents();
ob_end_clean();
?>

Expected result:
----------------
(no output)

Actual result:
--------------
123

Fatal error: test error in ...


------------------------------------------------------------------------


