PHP include binary-safe?


I ran into an issue with the PHP output buffer, like this:

ob_start();
header("Content-Type: audio/mpeg");
include "Death_Valley.mp3";
//header("Content-Disposition: attachment; filename='Death_Valley.mp3'");
echo ob_get_clean();

If I use include instead of file_get_contents (which is binary safe), I get an error:

Parse error: syntax error, unexpected '}'

Just for self-education: is it really a non-binary-safe issue? Or am I missing something in my understanding of the include function?


There are 1 answers

hanshenrik On

well, no, it's not binary safe. if it comes across the bytes <= or <? or <?php , it will corrupt the download.

furthermore, if hackers are able to upload their own files to your server, you're looking at a remote code execution vulnerability (injecting php code to mp3 files. Imgur or imageshack got hacked due to this very mistake, some idiot developer decided the best way was to include('image.jpg'); )

the correct way to do what you want is

readfile("Death_Valley.mp3");

and drop the ob_start(), that will fill the entire file in memory before giving it out to the user, which is both slow and memory hungry

and final thought: if you're using apache/lighttpd/nginx, you should probably check out X-sendfile (lighttpd/apache) or X-Accel-Redirect (nginx), which will scale much better than anything php-based (at least in Zend's PHP. maybe it doesn't matter in HHVM php, idk)
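
The readfile() approach from the answer above, as an added example that is not part of the original answer: the file is streamed as data and never passes through the PHP parser. MEDIA_DIR, the `track` query parameter and the function names are assumptions made for illustration.

```php
<?php
// Added example: serve a stored file as bytes with readfile(), never include().
declare(strict_types=1);

const MEDIA_DIR = __DIR__ . '/media';   // hypothetical storage directory

// Map a client-supplied name to a real file inside MEDIA_DIR, or null.
function resolve_media(string $name): ?string
{
    $base = realpath(MEDIA_DIR);
    // basename() keeps only the last path component, so "../" cannot climb out.
    $path = realpath(MEDIA_DIR . '/' . basename($name));
    if ($base === false || $path === false) {
        return null;
    }
    // realpath() follows symlinks; the resolved path must still sit under MEDIA_DIR.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return (is_file($path) && is_readable($path)) ? $path : null;
}

function send_audio(string $name): void
{
    $path = resolve_media($name);
    if ($path === null) {
        http_response_code(404);
        return;
    }
    // Drop any active output buffers so the whole file is not held in memory.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }
    header('Content-Type: audio/mpeg');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    // readfile() copies the bytes to the response unchanged. A "<?" sequence
    // inside the data is output as-is, whereas include would hand the file
    // to the PHP parser and execute whatever follows an open tag.
    readfile($path);
}

// Reject array-valued parameters (track[]=...) before the typed call.
$track = $_GET['track'] ?? '';
send_audio(is_string($track) ? $track : '');
```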