Add sniff to warn against using output buffering #1422
Labels
Focus: WP interoperability
Doing things the WP way, prefer using WP functionality over userland/PHP native
Type: Enhancement
Output buffering in the context of WP is notoriously problematic.
In PHP any number of output buffers can be created. These will be nested in the order in which they are opened and any call to close/flush an output buffer will close the inner most output buffer - or depending on the function called - close all buffers.
Also, whether output buffering will work at all, let alone how, is severely impacted by the values of the related
ini
directives of the system the code is run on, which in most cases in the context of WP is outside of the control of whoever writes the code.Typical problems (simplified):
Case 1
Plugin A and B both hook their functions to arbitrary WordPress hooks.
Plugin A opens an output buffer, plugin B opens an output buffer.
Plugin A tries to close their output buffer before plugin B has closed theirs.
Both plugins receive the buffer expected by the other plugin.
Case 2
Output buffering is off system-wide (via the ini directives) and the ini directives are not checked before using the output buffering functions.
Case 3
Plugin A and B both hook their functions to arbitrary WordPress hooks.
Plugin A opens an output buffer, plugin B opens an output buffer.
Plugin A closes output buffering using
ob_end_flush()
orob_end_clean()
, destroying the output buffers of all other plugins/themes using output buffering as well.Etc.
Sniffing for this
I believe it would be a good idea to have a sniff check for usage of the output buffering functions.
This could be done simply by adding a function list somewhere, though a more intelligent solution would be preferred.
Rough line of thinking (needs refinement):
ob_end_flush()
orob_end_clean()
are used.ob_start()
is called within the scope of a function and the buffer is closed within the same scope and no hooks are called in between (i.e. no WP functions are called as most will offer hooks), it's probably ok.The sniff should (initially) be added to the
Extra
ruleset.Ref: http://php.net/manual/en/book.outcontrol.php
The text was updated successfully, but these errors were encountered: