输出缓冲区漏洞PHP
[英]Output buffer vulnerabilities PHP
问题描述
What are the vulnerabilities of output buffer functions in PHP? 
PHP中的输出缓冲区函数有哪些漏洞?
- Not saying it has vulnerabilities, merely wondering if there were any 没有说它有漏洞,只是想知道是否有任何漏洞
Why is it considered ugly php code? 为什么它被认为是丑陋的php代码?
- http://symfony.com/doc/2.0/book/from_flat_php_to_symfony2.html Under isolating the layout http://symfony.com/doc/2.0/book/from_flat_php_to_symfony2.html在隔离布局下
2 个解决方案
解决方案1
3 已采纳 2011-03-28 03:44:31
Output buffering is considered ugly if it is used to circumvent ye' olde Cannot send headers, output already started at... warning. 如果将输出缓冲用于规避以前的用法,则认为它很丑陋。 Cannot send headers, output already started at...已从Cannot send headers, output already started at...警告Cannot send headers, output already started at... 。 Output buffering is then used to make up for poor design. 然后使用输出缓冲来弥补不良的设计。
In a well designed application you would make sure that any response headers are sent first before any response body content is output, without having to resort to output buffering. 在设计良好的应用程序中,您将确保在输出任何响应正文内容之前先发送任何响应标头,而不必求助于输出缓冲。
In an application which is made up of spaghetti code , a developer might make the decision to cram another header in somewhere, after body content has already been output. 在由意大利面条代码组成的应用程序中,开发人员可能会决定在正文内容已输出之后,在某个位置添加另一个标头。 And since http headers must be sent before http body content, they use output buffering to tackle this violation of the http protocol. 并且由于必须在HTTP正文内容之前发送HTTP标头,因此它们使用输出缓冲来解决这种违反http协议的情况。 I've explained this more elaborate a while ago in this answer . 我已经在这个答案中更详细地解释了这一点 。
解决方案2
0 2011-03-28 04:08:44
It's actually a very helpful tool as explained in the article below... 正如下面文章中所述,它实际上是一个非常有用的工具...
http://dev-tips.com/featured/output-buffering-for-web-developers-a-beginners-guide http://dev-tips.com/featured/output-buffering-for-web-developers-a-beginners-guide
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.