localhost won't process header() command
David Meisel
I'm using Apache 2.2 and PHP 5.2.10 with GD 2 installed. Calling the
following code, however, does not work:
<?php
Header("Content-Type: image/jpeg");
Header("Content-Disposition: filename=image.jpg");
$objImage = ImageCreateFromJpeg($_GET["file"]);
ImageJpeg($objImage);
ImageDestroy($objImage);
?>
The file is saved under image.php and called with
localhost/image.php?file=test.jpg - unsuccessfully, though :-(. The browser
(both Firefox and IE) returns the following string:
http://localhost/image.php?file=test.jpg
I uploaded the file to my "real" web server and it does work there. I've
been googling the problem for hours, but no solution whatsoever.
Do you have any idea?
Thanks,
David
P.S. By the way: it doesn't work with IIS 5.1, either.
"Álvaro G. Vicario"
> I'm using Apache 2.2 and PHP 5.2.10 with GD 2 installed. Calling the
> following code, however, does not work:
>
> <?php
>
> Header("Content-Type: image/jpeg");
> Header("Content-Disposition: filename=image.jpg");
>
> $objImage = ImageCreateFromJpeg($_GET["file"]);
> ImageJpeg($objImage);
> ImageDestroy($objImage);
>
> ?>
>
> The file is saved under image.php and called with
> localhost/image.php?file=test.jpg - unsuccessfully, though :-(. The browser
> (both Firefox and IE) returns the following string:
>
> http://localhost/image.php?file=test.jpg
I suppose your code is printing an error message, so it's not a valid
picture and it can't be displayed as such. Comment out the header()
calls and try again.
--
-- http://alvaro.es - �lvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programaci�n web: http://borrame.com
-- Mi web de humor satinado: http://www.demogracia.com
--
David Meisel
>> The file is saved under image.php and called with
>> localhost/image.php?file=test.jpg - unsuccessfully, though :-(. The
>> browser (both Firefox and IE) returns the following string:
>>
>> http://localhost/image.php?file=test.jpg
>
> I suppose your code is printing an error message, so it's not a valid
> picture and it can't be displayed as such. Comment out the header() calls
> and try again.
No, it does NOT output an error message, all it prints is the line I stated
above. And - as already written - the same code does work on my web server.
Besides, commenting out the header() lines just prints the picture in ASCII
letters - looks like a whole lot of trash... ;-)
Any other idea?
Jerry Stuckle
Do you have a webserver on your local machine, or are you trying to open
the script as a file?
If you do have a local webserver, is it parsing other PHP files correctly?
Did you try Alvaro's suggestion?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstu...@attglobal.net
==================
C. (http://symcbean.blogspot.com/)
This is exactly how these browsers behave when the mimetype is an
image but the body is not. Go back and comment out ALL the headers
messages - and enable full error reporting/logging.
C.
David Meisel
> the script as a file?
first mail.
> If you do have a local webserver, is it parsing other PHP files correctly?
Yes, everything works fine with other PHP files.
> Did you try Alvaro's suggestion?
I did, but as I said: It looks like I open a jpeg file with a text editor.
Let me quote what I see in the browser:
----- 8< -----
����? JFIF? ?? ? ??��?>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default
quality ��?C? $.' ",# (7),01444 '9=82<.342��?C
2! !22222222222222222222222222222222222222222222222222��? ,?� "? ��? ?? ????????
��?� ? ?? } ? !1A Qa "q 2�'� #B�� R��$3br,
----- 8< -----
(and this goes on and on like this)
David Meisel
> image but the body is not. Go back and comment out ALL the headers
> messages - and enable full error reporting/logging.
image and no errors have been reported. And - just to mention it again - the
original code DOES work on another web server. It even works on another
mashine where I installed Apache 2.2 and PHP 5.2.9-2... It's really
frustrating.
Do you have any other idea?
Jerry Stuckle
OK, not to disagree with you, but let's just make sure we're on the same
track.
Your php.ini file has:
error_reporting=E_ALL
display_errors=on
This is verified in phpinfo().
After loading the page, you look at the source code in your browser and
see this information. You see no error messages in the source code.
What does FireFox's Live HTTP Headers extension show for the headers
being sent?
"Álvaro G. Vicario"
>> Do you have a webserver on your local machine, or are you trying to open
>> the script as a file?
> Of course, I have a local server installed. Apache 2.2, as writtin in my
> first mail.
>
>> If you do have a local webserver, is it parsing other PHP files correctly?
> Yes, everything works fine with other PHP files.
>
>> Did you try Alvaro's suggestion?
> I did, but as I said: It looks like I open a jpeg file with a text editor.
> Let me quote what I see in the browser:
>
> ----- 8< -----
> quality ��?C? $.' ",# (7),01444 '9=82<.342��?C
>
> 2! !22222222222222222222222222222222222222222222222222��? ,?� "? ��? ?? ????????
> ��?� ? ?? } ? !1A Qa "q 2�'� #B�� R��$3br,
>
> (and this goes on and on like this)
If there's something like "Notice: Undefined variable: foo" somewhere in
the middle of a binary stream it can be difficult to spot it. Just to
make sure, search for "error", "warning" or "notice" using your
browser's search feature. However, I admit I see no reason to have an
error message in the middle of the ImageJpeg() output.
Add a file name as second argument in ImageJpeg() and see if the
resulting file is a valid JPEG image. Additionally, check that your
script sends zero bytes to the browser when saving to a file; size info
should appear in the "Page Info" dialog.
--
-- http://alvaro.es - �lvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programaci�n web: http://borrame.com
Willem Bogaerts
> Header("Content-Type: image/jpeg");
> Header("Content-Disposition: filename=image.jpg");
> $objImage = ImageCreateFromJpeg($_GET["file"]);
> ImageJpeg($objImage);
> ImageDestroy($objImage);
> ?>
Sanitize your input. What about:
http://localhost/image.php?file=../../../etc/passwd
Take care,
--
Willem Bogaerts
Application smith
Kratz B.V.
http://www.kratz.nl/
David Meisel
> track.
>
> Your php.ini file has:
>
> error_reporting=E_ALL
ini_set("error_reporting", E_ALL);
for debugging purposes, so yes, it's on.
> display_errors=on
Yes, I have set this to be On in my php.ini.
> After loading the page, you look at the source code in your browser and
> see this information. You see no error messages in the source code.
Yeah, I've searched the source of parsed file for warning, note, and error,
but there is nothing like that.
> What does FireFox's Live HTTP Headers extension show for the headers being
> sent?
Without the header() command, it's text/html; with the header() command not
commented out, it's image/jpeg - as it should be...
Thanks a lot for your help so far! I just can't figure out what causes my
browsers to misinterpret the file, or what prevents PHP to parse the file
correctly when I enable the header() command... I don't know where it gets
stuck...
David Meisel
>> I did, but as I said: It looks like I open a jpeg file with a text
>> editor. Let me quote what I see in the browser:
>>
>> ----- 8< -----
>> default quality ��?C? $.'
>> ",# (7),01444 '9=82<.342��?C
>> 2! !22222222222222222222222222222222222222222222222222��? ,?� "? ��? ?? ????????
>>
>> (and this goes on and on like this)
>
> If there's something like "Notice: Undefined variable: foo" somewhere in
> the middle of a binary stream it can be difficult to spot it. Just to make
> sure, search for "error", "warning" or "notice" using your browser's
> search feature. However, I admit I see no reason to have an error message
> in the middle of the ImageJpeg() output.
like an error message or warning.
> Add a file name as second argument in ImageJpeg() and see if the resulting
> file is a valid JPEG image.
That works. It does save the image to a file.
> Additionally, check that your script sends zero bytes to the browser when
> saving to a file; size info should appear in the "Page Info" dialog.
The script sends zero bytes to the browser if it saves the image to a file;
otherwise, its about 13 KB - just the size of the saved image.
It's strange: It acts exactly as it should, but it does not show an image...
I appreciate your help, �lvaro. Do you still have any other ideas?
David Meisel
Well, http://localhost/image.php?file=./test.jpg will make the browser show
http://localhost/image.php?file=./test.jpg
(Yeah, the same as I requested.) Even if the picture does not exist, it acts
like that way with the header() command in use. If I comment it out, it only
works with existing files - just as one would expect...
So... what else could I do?
"Álvaro G. Vicario"
>>>> Did you try Alvaro's suggestion?
>>> I did, but as I said: It looks like I open a jpeg file with a text
>>> editor. Let me quote what I see in the browser:
>>>
>>> ----- 8< -----
>>> default quality ��?C? $.'
>>> ",# (7),01444 '9=82<.342��?C
>>> 2! !22222222222222222222222222222222222222222222222222��? ,?� "? ��? ?? ????????
>>>
>>> (and this goes on and on like this)
>> If there's something like "Notice: Undefined variable: foo" somewhere in
>> the middle of a binary stream it can be difficult to spot it. Just to make
>> sure, search for "error", "warning" or "notice" using your browser's
>> search feature. However, I admit I see no reason to have an error message
>> in the middle of the ImageJpeg() output.
> Yeah, me not either. And I searched the data - there actually is nothing
> like an error message or warning.
>
>> Add a file name as second argument in ImageJpeg() and see if the resulting
>> file is a valid JPEG image.
> That works. It does save the image to a file.
>
>> Additionally, check that your script sends zero bytes to the browser when
>> saving to a file; size info should appear in the "Page Info" dialog.
> The script sends zero bytes to the browser if it saves the image to a file;
> otherwise, its about 13 KB - just the size of the saved image.
>
> It's strange: It acts exactly as it should, but it does not show an image...
>
We've discarded the most obvious errors so far. I guess it's time to get
Firebug and inspect carefully the request and response headers in the
Net panel.
One more thing about the test file where you saved the pic... Can you
load through the web server? I once got corrupted images because my
virus scanner (NOD32 v2) had a (known) conflict with my web server
(Apache) at socket level.
Jerry Stuckle
What other headers are you seeing, though. They can be important, also.
How about posting all the headers from both working and non-working
systems?
Curtis Dyer
>> Sanitize your input. What about:
>>
>> http://localhost/image.php?file=../../../etc/passwd
Right, but the client won't ever see the file, since
`imagecreatefromjpeg()' outputs an image of the script URI if the
file isn't a valid JPEG.
However, I'd still do error checking to tell the user what went
wrong.
> Well, http://localhost/image.php?file=./test.jpg will make the
> browser show
>
> http://localhost/image.php?file=./test.jpg
What Willem was warning you about is not to assume users will be
sending expected data (such as valid JPEG filenames). You should
make sure the $_GET['file'] is the type of input you expect.
> (Yeah, the same as I requested.) Even if the picture does not
> exist, it acts like that way with the header() command in use. If
> I comment it out, it only works with existing files - just as one
> would expect...
>
> So... what else could I do?
You're seeing an image of the script URI because your JPEG
encoding is not right.
What you need to do is stop sending the output as "image/jpeg" so
you can actually see the `imagecreatefromjpeg()' warning.
Comment out the Content-Type and Content-Disposition header
calls:
/*
header('Content-Type: image/jpeg');
header('Content-Disposition: ...');
*/
Then run the script to see why `imagecreatefromjpeg()' fails.
If the image displays normally, but only fails in your script, it
might be getting corrupted somehow during the request.
P.S., it would be nice if you didn't remove the attribution lines
or, if possible, you configured your newsreader not to.
--
Curtis
int i;main(){for(;i["]<i;++i){--i;}"];read('-'-'-',i+++"hell\
o, world!\n",'/'/'/'));}read(j,i,p){write(j/p+p,i---j,i/i);}
~ Anonymous (1984 IOCCC winner)