MyBB Hacks

Full Version: header("Content-type: image/png"); makes script run twice?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
Hey,

I've been searching for an hour and doing tests myself and found out the issue for my script being executed twice - queries are getting executed twice so I believe the script is also run twice.

Here's the problem:

PHP Code:
switch($dl['filetype'])
	{
		case "application/pdf":
		case "image/bmp":
		case "image/gif":
		case "image/jpeg":
		case "image/pjpeg":
		case "image/png":
		case "text/plain":
			header("Content-type: {$dl['filetype']}");
			//header("Content-type: application/force-download");
			$disposition = "inline";
			break;

		default:
			header("Content-type: application/force-download");
			$disposition = "attachment";
	}


If I comment:

PHP Code:
header("Content-type: {$dl['filetype']}");


And uncomment the first:

PHP Code:
header("Content-type: application/force-download");


The script is executed twice. I have no idea why and can't seem to find anything related to this on the internet. If the script forces download, this no longer happens.

Note that if I comment:

PHP Code:
echo file_get_contents(MYBB_ROOT.$mybb->settings['mydownloads_downloads_dir']."/".$dl['download']);


Which is a bit below that, then the problem no longer happens either (but with it uncommented and with force-download, it doesn't happen either).

This is the only thing I could find related to this problem but doesn't help at all:

Quote:When using readfile()  -or fopen() and fpassthru() - make sure that if you are dealing with large files that are located on your server, use absolute paths and not URL's! Otherwise, the file will essentially be downloaded twice - the script will access the file from your web server itself, and then output it to the client, doubling the bandwidth. I made this mistake in a download script I made that included files on other servers, when the file was on mine, I forgot to use absolute paths. So, even for good practice if your files you're accessing are small, use absolute paths whenever possible. Seems obvious, but don't forget about it.
http://www.theserverpages.com/php/manual...http://www.theserverpages.com/php/manual/en/function.fpa

(I've tried full path and URL, both give me the same weird results: queries are getting executed twice)
Okay, it seems the problem is this:

PHP Code:
$disposition = "inline";


Gotta check what's wrong with inline disposition.



Alright some more information, it seems that only images are affected. I've found this related article: http://forums.mysql.com/read.php?52,1143...http://forums.mysql.com/read.php?52,114324,114324#

It's the same problem as I described but the solution is not good enough..


Okay after some deep testing the problems seems to affect images only and ONLY when the request is not sent via POST because if we send via POST it works fine (switching to POST only would fix this issue but fixing the actual problem would be better I guess...)
I'm guessing you're looking in the wrong direction.
I haven't read everything you posted (including links), but, is your script vulnerable to early termination?  That is, if the user cancels loading the page before the script finishes executing, it's possible for your webserver to kill the script halfway through execution.  I don't know about browsers, but one may guess that it may react differently to various content types sent (browser prefetching or keep-alives perhaps).

You should track what requests the browser is making (use something like Fiddler to log requests) to see if two requests to the script are being made.
The script outputs the file once (not in multiple parts so it's limited to PHP's max post size). I'm not sure what you mean by early termination, once the file is sent to the user, the script has done its job.

After messing a bit with Fiddler I came to a different conclusion.

[attachment=532]

Notice that the last one has a different content-type so I decided to compare both of them in more depth.

The first request is the one which has the fields: postcode, did, action and process. The second contains no fields at all thus we get the image for the first one and the MyDownloads index page for the second.

After doing some tests with MyBB attachments and different file types in both MyBB attachments and MyDownloads, I conclude that only images are affected - even text files which are displayed inline are not affected.

After switching the Content-type to application/force-download this issue no longer happens so the problem is a browser problem related to image content-types.

So I believe the link I have posted ( http://forums.mysql.com/read.php?52,1143...http://forums.mysql.com/read.php?52,114324,114324# ) is correct but I don't see a solution there.

Perhaps switching all of them to force-download will fix this issue. No one has ever reported this in MyBB because the download counter is not shown for images thus it wasn't noticeable, but it's there.

I'm not sure if you can help me much more though.
(06-22-2011 08:53 PM)Pirata Nervo Wrote: [ -> ]The script outputs the file once (not in multiple parts so it's limited to PHP's max post size). I'm not sure what you mean by early termination, once the file is sent to the user, the script has done its job.
But when it hasn't sent the file to the user?

(06-22-2011 08:53 PM)Pirata Nervo Wrote: [ -> ]The first request is the one which has the fields: postcode, did, action and process. The second contains no fields at all thus we get the image for the first one and the MyDownloads index page for the second.
This is not normal behaviour.  A request to a file should be a single request and shouldn't start sending arbitrary additional requests.
Try a different browser.

My gut instinct would be that you have tweaked some Firefox settings or installed plugins to increase speed through parallel downloading or similar, which is causing >1 request to be sent.
(06-23-2011 10:07 AM)ZiNgA BuRgA Wrote: [ -> ]
(06-22-2011 08:53 PM)Pirata Nervo Wrote: [ -> ]The script outputs the file once (not in multiple parts so it's limited to PHP's max post size). I'm not sure what you mean by early termination, once the file is sent to the user, the script has done its job.
But when it hasn't sent the file to the user?
Like if the user hits cancel? It's still considered as downloaded.

(06-23-2011 10:07 AM)ZiNgA BuRgA Wrote: [ -> ]
(06-22-2011 08:53 PM)Pirata Nervo Wrote: [ -> ]The first request is the one which has the fields: postcode, did, action and process. The second contains no fields at all thus we get the image for the first one and the MyDownloads index page for the second.
This is not normal behaviour.  A request to a file should be a single request and shouldn't start sending arbitrary additional requests.
Try a different browser.

My gut instinct would be that you have tweaked some Firefox settings or installed plugins to increase speed through parallel downloading or similar, which is causing >1 request to be sent.

I might try it without addons running but I believe this is a firefox issue with images being output this way. But I'll try it without addons to make sure it's _my_ problem.

Thanks for your help.
(06-23-2011 11:17 AM)Pirata Nervo Wrote: [ -> ]
(06-23-2011 10:07 AM)ZiNgA BuRgA Wrote: [ -> ]
(06-22-2011 08:53 PM)Pirata Nervo Wrote: [ -> ]The script outputs the file once (not in multiple parts so it's limited to PHP's max post size). I'm not sure what you mean by early termination, once the file is sent to the user, the script has done its job.
But when it hasn't sent the file to the user?
Like if the user hits cancel? It's still considered as downloaded.
That'll depend on whether your script has the chance to execute the query which considers it as downloaded.
Unless you're using

PHP Code:
ignore_user_abort(true);

somewhere, your script can be terminated early.

I'm not using that because unless the server response takes too much time, it's very hard to cancel it before server has output the file.

But the queries are getting executed, that's not my problem. The problem is that they're getting executed twice.
Very hard != impossible, and if it's application terminated (ie not by a user), it's a fair bit more probable than you think.

The problem is that your script is being called twice, not a double execution of the query.
(06-24-2011 08:55 AM)ZiNgA BuRgA Wrote: [ -> ]Very hard != impossible, and if it's application terminated (ie not by a user), it's a fair bit more probable than you think.

The problem is that your script is being called twice, not a double execution of the query.

Sorry for not noticing this. I know the script is being executed twice and the same thing happens with MyBB but since download count is not shown for image attachments, no one had noticed this before. The problem happens most likely because of the way Firefox handles inline images.
I doubt that.  Usually attached images will be viewed twice: first time as a thumbnail, then the user clicks on the thumbnail to view the full image.

(haven't read thread history so can't remember what I was talking about before)
Pages: 1 2
Reference URL's