diff --git a/admin-dev/ajaxfilemanager/inc/class.image.php b/admin-dev/ajaxfilemanager/inc/class.image.php
index dfbaf970c..c10230f83 100755
--- a/admin-dev/ajaxfilemanager/inc/class.image.php
+++ b/admin-dev/ajaxfilemanager/inc/class.image.php
@@ -602,7 +602,8 @@
 ob_start();
 phpinfo();
 $buffer = ob_get_contents();
- ob_end_clean();
+ if (ob_get_level() && ob_get_length() > 0)
+ ob_end_clean();
 foreach (explode("\n", $buffer) as $line) {
 $line = array_map('trim', (explode('|', strip_tags(str_replace('', '|', $line)))));
 if (isset($gd[$line[0]])) {
diff --git a/admin-dev/backup.php b/admin-dev/backup.php
index 8a4f66fef..eb9cc67b3 100644
--- a/admin-dev/backup.php
+++ b/admin-dev/backup.php
@@ -64,7 +64,8 @@ if ($fp === false)
 header('Content-Type: '.$contentType);
 header('Content-Disposition: attachment; filename="'.Tools::getValue('filename'). '"');
-ob_clean();
+if (ob_get_level() && ob_get_length() > 0)
+ ob_clean();
 $ret = @fpassthru($fp);
 fclose($fp);
diff --git a/admin-dev/functions.php b/admin-dev/functions.php
index 83de585b5..4df9759f9 100644
--- a/admin-dev/functions.php
+++ b/admin-dev/functions.php
@@ -544,7 +544,8 @@ function runAdminTab($tab, $ajaxMode = false)
 if($ajaxMode)
 {
 // If this is an XSS attempt, then we should only display a simple, secure page
- ob_clean();
+ if (ob_get_level() && ob_get_length() > 0)
+ ob_clean();
 // ${1} in the replacement string of the regexp is required, because the token may begin with a number and mix up with it (e.g. $17)
 $url = preg_replace('/([&?]token=)[^&]*(&.*)?$/', '${1}'.$adminObj->token.'$2', $_SERVER['REQUEST_URI']);
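Review bot: The buffer opened by `ob_start()` at the top of the class.image.php hunk stays open whenever `phpinfo()` writes nothing, because `ob_get_length() > 0` is then false and `ob_end_clean()` is skipped. Code that starts its own capture buffer should always close it; `$buffer = ob_get_clean();` reads and closes in one call and needs no guard. The same capture-then-guard pattern is in the install-dev/classes/controllerHttp.php and install-dev/controllers/http/smarty_compile.php hunks, where an empty render or compile would leave one extra buffer level active for the rest of the request. The enclosing function begins and ends outside this hunk.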
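Review bot: In the backup.php hunk `ob_clean()` only empties the buffer and leaves it active, so with buffering on the `fpassthru($fp)` output that follows is still accumulated in memory before it reaches the client, and a large backup can run into `memory_limit`. A download path should close the buffers instead of clearing them, `while (ob_get_level()) ob_end_clean();`. Separately, the context line above the change puts `Tools::getValue('filename')` into the `Content-Disposition` header as-is; any earlier validation is not visible in this hunk, so applying `basename()` and rejecting `"` here would keep the header parameter well-formed.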
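Review bot: In both invalid-token branches of runAdminTab (this hunk and the one at -559) the new guard skips `ob_clean()` silently when no buffer is active, which is the one case where earlier output has already been sent and the "simple, secure page" the comment promises cannot be guaranteed. That assumption should be written down next to the guard, for example `// relies on output buffering being active; without it earlier output has already been sent`, and a log entry when `headers_sent()` is already true would make the condition visible. The two-line guard is duplicated in both branches and would read better as one small helper. runAdminTab begins and ends outside both hunks.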
@@ -559,7 +560,8 @@ function runAdminTab($tab, $ajaxMode = false)
 else
 {
 // If this is an XSS attempt, then we should only display a simple, secure page
- ob_clean();
+ if (ob_get_level() && ob_get_length() > 0)
+ ob_clean();
 // ${1} in the replacement string of the regexp is required, because the token may begin with a number and mix up with it (e.g. $17)
 $url = preg_replace('/([&?]token=)[^&]*(&.*)?$/', '${1}'.$adminObj->token.'$2', $_SERVER['REQUEST_URI']);
diff --git a/classes/module/ModuleGraph.php b/classes/module/ModuleGraph.php
index 5790a92e5..cc03ca7e6 100644
--- a/classes/module/ModuleGraph.php
+++ b/classes/module/ModuleGraph.php
@@ -222,7 +222,7 @@ abstract class ModuleGraphCore extends Module
 protected function _displayCsv()
 {
- if (ob_get_length())
+ if (ob_get_level() && ob_get_length() > 0)
 ob_end_clean();
 header('Content-Type: application/octet-stream');
 header('Content-Disposition: attachment; filename="'.$this->displayName.' - '.time().'.csv"');
diff --git a/classes/module/ModuleGrid.php b/classes/module/ModuleGrid.php
index 7d3ab191a..fedfed49e 100644
--- a/classes/module/ModuleGrid.php
+++ b/classes/module/ModuleGrid.php
@@ -164,7 +164,8 @@ abstract class ModuleGridCore extends Module
 protected function _displayCsv()
 {
- ob_end_clean();
+ if (ob_get_level() && ob_get_length() > 0)
+ ob_end_clean();
 header('Content-Type: application/octet-stream');
 header('Content-Disposition: attachment; filename="'.$this->displayName.' - '.time().'.csv"');
 echo $this->_csv;
diff --git a/controllers/admin/AdminCustomerThreadsController.php b/controllers/admin/AdminCustomerThreadsController.php
index 2feec12bc..3d4937965 100644
--- a/controllers/admin/AdminCustomerThreadsController.php
+++ b/controllers/admin/AdminCustomerThreadsController.php
@@ -463,8 +463,9 @@ class AdminCustomerThreadsControllerCore extends AdminController
 if (!$extension || !Validate::isFileName($filename))
 die(Tools::displayError());
-
- ob_end_clean();
+
+ if (ob_get_level() && ob_get_length() > 0)
+ ob_end_clean();
 header('Content-Type: '.$extension);
 header('Content-Disposition:attachment;filename="'.$filename.'"');
 readfile(_PS_UPLOAD_DIR_.$filename);
diff --git a/controllers/admin/AdminImportController.php b/controllers/admin/AdminImportController.php
index e97e3645e..41e4bd9b4 100644
--- a/controllers/admin/AdminImportController.php
+++ b/controllers/admin/AdminImportController.php
@@ -3120,7 +3120,8 @@ class AdminImportControllerCore extends AdminController
 $mimeType = $mimeTypes[$bName];
 else
 $mimeType = 'application/octet-stream';
- if (ob_get_level())
+
+ if (ob_get_level() && ob_get_length() > 0)
 ob_end_clean();
 header('Content-Transfer-Encoding: binary');
diff --git a/controllers/front/AttachmentController.php b/controllers/front/AttachmentController.php
index 8461be1f5..4244441eb 100644
--- a/controllers/front/AttachmentController.php
+++ b/controllers/front/AttachmentController.php
@@ -34,7 +34,7 @@ class AttachmentControllerCore extends FrontController
 Hook::exec('actionDownloadAttachment', array('attachment' => &$a);
- if (ob_get_level())
+ if (ob_get_level() && ob_get_length() > 0)
 ob_end_clean();
 header('Content-Transfer-Encoding: binary');
diff --git a/controllers/front/GetFileController.php b/controllers/front/GetFileController.php
index f39990b4d..d89f6c109 100644
--- a/controllers/front/GetFileController.php
+++ b/controllers/front/GetFileController.php
@@ -270,7 +270,7 @@ class GetFileControllerCore extends FrontController
 $mimeType = 'application/octet-stream';
 }
- if (ob_get_level())
+ if (ob_get_level() && ob_get_length() > 0)
 ob_end_clean();
 /* Set headers for download */
diff --git a/install-dev/classes/controllerHttp.php b/install-dev/classes/controllerHttp.php
index 53bc10f39..d7c4e9b86 100644
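Review bot: In the AdminCustomerThreadsController hunk an active but empty output buffer is no longer closed before the file is streamed, because `ob_get_length() > 0` is false for an empty buffer; the `readfile()` output then accumulates in that buffer and a large attachment can exhaust `memory_limit`. The same applies to the AdminImportController, AttachmentController and GetFileController hunks, where the previous `if (ob_get_level())` did close an empty buffer, so for them this is a regression. Only the innermost level is closed in any case. On download paths the length test should be dropped and every level closed, `while (ob_get_level()) ob_end_clean();`. The enclosing methods begin and end outside these hunks.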
--- a/install-dev/classes/controllerHttp.php
+++ b/install-dev/classes/controllerHttp.php
@@ -417,7 +417,8 @@ abstract class InstallControllerHttp
 if ($get_output)
 {
 $content = ob_get_contents();
- ob_end_clean();
+ if (ob_get_level() && ob_get_length() > 0)
+ ob_end_clean();
 return $content;
 }
 }
diff --git a/install-dev/controllers/http/smarty_compile.php b/install-dev/controllers/http/smarty_compile.php
index e8374410c..901ab7a77 100644
--- a/install-dev/controllers/http/smarty_compile.php
+++ b/install-dev/controllers/http/smarty_compile.php
@@ -40,4 +40,5 @@ require_once(_PS_ROOT_DIR_.'/config/smarty.config.inc.php');
 $smarty->setTemplateDir($directory);
 ob_start();
 $smarty->compileAllTemplates('.tpl', false);
-ob_end_clean();
\ No newline at end of file
+if (ob_get_level() && ob_get_length() > 0)
+ ob_end_clean();
\ No newline at end of file