LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Programming (https://www.linuxquestions.org/questions/programming-9/)
-   -   A nasty(!) PHP "gotcha" with "imagejpeg()" (https://www.linuxquestions.org/questions/programming-9/a-nasty-php-gotcha-with-imagejpeg-4175590413/)

sundialsvcs 09-29-2016 09:13 AM
A nasty(!) PHP "gotcha" with "imagejpeg()"
 
I recently swatted a bug that admittedly had me bamfoozled for quite some time. The problem was that PHP code ... code which had been running flawlessly for years ... suddenly stopped producing usable images. Everything that it produced was corrupt.

Here's an excerpt of the broken code:
Code:
<?php
  // blah blah blah ...
?>

<?php
  // blah blah blah ...
  // (do you see the bug yet?)
  // blah blah blah ...

  header("Content-type: image/jpeg");
  imagejpeg();
?>
Do you see it yet? I'll wait ... "Boo bee boo bee, boo doo doo ..." (ding!) Time's up!

This code is intended to produce only the output of the imagejpeg() function, with an HTTP header that specifies that the data is an image. So far, so good.

But... here's the bug: There is an extra newline ($0A) character that is added by the blank line between the two <?php tags at the start of the file. The browser sees this data, including the unwanted newline byte, as a (corrupt) image.

If this blank line is removed, the newline disappears and the code works correctly. Like this:

Code:
<?php
  // blah blah blah ...
?>
<?php
  // blah blah blah ...
(You may now make your donations, in my name please, to diePHPdiediedie.org ...) ;)

Guttorm 09-29-2016 09:24 AM
Hi

I've seen worse. Sometimes you include some other files, and they have a newline after the last ?> marker. Other times, somebody's editor adds a UTF-8 BOM in the file you include, and those you normally cannot see.

A safer way is to use output_buffering in your php.ini:

Quote:
; Output buffering is a mechanism for controlling how much output data
; (excluding headers and cookies) PHP should keep internally before pushing that
; data to the client. If your application's output exceeds this setting, PHP
; will send that data in chunks of roughly the size you specify.
; Turning on this setting and managing its maximum buffer size can yield some
; interesting side-effects depending on your application and web server.
; You may be able to send headers and cookies after you've already sent output
; through print or echo. You also may see performance benefits if your server is
; emitting less packets due to buffered output versus PHP streaming the output
; as it gets it. On production servers, 4096 bytes is a good setting for performance
; reasons.
; Note: Output buffering can also be controlled via Output Buffering Control
; functions.
; Possible Values:
; On = Enabled and buffer is unlimited. (Use with caution)
; Off = Disabled
; Integer = Enables the buffer and sets its maximum size in bytes.
; Note: This directive is hardcoded to Off for the CLI SAPI
; Default Value: Off
; Development Value: 4096
; Production Value: 4096
; http://php.net/output-buffering
output_buffering = 4096
Then, before using imagejpeg and friends, or outputting anything that's not HTML, call ob_end_clean()

keefaz 09-29-2016 11:49 AM
Quote:
Originally Posted by Guttorm (Post 5611505)
Hi

I've seen worse. Sometimes you include some other files, and they have a newline after the last ?> marker. Other times, somebody's editor adds a UTF-8 BOM in the file you include, and those you normally cannot see.

A safer way is to use output_buffering in your php.ini:



Then, before using imagejpeg and friends, or outputting anything that's not HTML, call ob_end_clean()
Or maybe omit the closing ?> php tag in included files


All times are GMT -5. The time now is 12:29 PM.