PHP :: Bug #11403 :: calling session_start with protected images sends bogus headers

Bug #11403	calling session_start with protected images sends bogus headers
Submitted:	2001-06-11 14:12 UTC	Modified:	2001-06-19 22:28 UTC
From:	bondu at iowalab dot com	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	4.0.4pl1	OS:	linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	bondu at iowalab dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2001-06-11 14:12 UTC] bondu at iowalab dot com

This script works as expected:
<?
$filename = "someimage.jpg";
$fd = fopen ($filename, "rb");
echo $contents = fread ($fd, filesize ($filename));
fclose ($fd);
?>

Adding sesion start sends bogus header infromation that makes IE think the file is a bitmap.  When right clicking on the image, IE thinks the file is of type .bmp and the Protocol is HTML.  Does the same thing for all image types. Adding header information in the script does not fix the problem, nor does setting default_mimetype to the "image/jpeg" in the script.

I was able to reproduce this on 4 different linux machines running 4.0.2, 4.0.4p1, and 4.0.5

 
<?
session_start();
$filename = "someimage.jpg";
$fd = fopen ($filename, "rb");
echo $contents = fread ($fd, filesize ($filename));
fclose ($fd);
?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-06-12 01:45 UTC] sniper@php.net

This works:

<?
session_start();
$filename = "test.jpg";
$fd = fopen ($filename, "rb");
$contents = fread ($fd, filesize ($filename));
fclose ($fd);

Header ("Content-type: image/jpeg");
echo $contents;
?>

[2001-06-12 13:08 UTC] bondu at iowalab dot com

adding 
Header ("Content-type: image/jpeg");
does NOT fix the problem.
copy the "fixed" script to a new file name, and see that it does not work.

you are looking at cached version.  IE will cache the mimetype info associated with the image even if you clear your history.  I am able to reproduce this consistantly on multiple machines

[2001-06-19 12:43 UTC] sniper@php.net

1. I am NOT using IE here. I tested this with
IE now, and it works just fine.
2. Works also with Opera.
3. Works also with Mozilla.

I suggest you check your php.ini settings.

[2001-06-19 12:44 UTC] sniper@php.net

And update to php 4.0.5

[2001-06-19 15:03 UTC] bondu at iowalab dot com

adding 
session_cache_limiter("private");
before 
session_start();
fixed the problem.

<?
session_cache_limiter("private");
session_start();
$filename = "test.jpg";
$fd = fopen ($filename, "rb");
$contents = fread ($fd, filesize ($filename));
fclose ($fd);

Header ("Content-type: image/jpeg");
echo $contents;
?>

[2001-06-19 22:28 UTC] sniper@php.net

Just a note, this is problem only with IE.
Seems like it doesn't like all the cache preventing 
headers sent by session_start() but using 'private' cache
headers, it works. Go figure..

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu May 02 04:01:30 2024 UTC