|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #23679 PHP does not protect output buffers created in configs from the script
Submitted: 2003-05-18 04:40 UTC Modified: 2003-05-18 07:25 UTC
Avg. Score:1.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: ngaugler at ngworld dot net Assigned:
Status: Not a bug Package: Output Control
PHP Version: 4.3.1 OS: FreeBSD
Private report: No CVE-ID: None
 [2003-05-18 04:40 UTC] ngaugler at ngworld dot net
PHP does not protect output_buffers created via configs through the output_buffer, output_handler configurations from individual scripts.  If you configure your php.ini to have output_handler = ob_gzhandler  then run ob_clean() or ob_end_clean() odd results happen and the page does not properly send.  I think PHP should protect buffers created before the script is executed so that the individual may not destroy them.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-05-18 05:46 UTC]
Try this: 

// delete as much output buffers as possible

 [2003-05-18 06:51 UTC] ngaugler at ngworld dot net
I do not want PHP to delete the buffers.  Let me try and re-explain it.  When I setup the ob_gzhandler, then I run ob_clean or ob_clean_flush PHP will send a partially gzip'ed page to the browser or inconsistant results and the page will not display properly.  What I am suggesting is that if someone sets ob_gzhandler in the PHP.ini, or a situation like this, they cannot clear it out through the script.  It is protected.
 [2003-05-18 07:25 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

If you want to shoot your self in the knee go ahead.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Wed Jun 07 13:03:43 2023 UTC