Merge pull request #93 from julienloizelet/fix/91-session-start-error-header-already-sent

julienloizelet · web-flow · commit 5cd0c641eaaf · 2022-05-13T14:40:58.000+02:00
Fix/91 session start error header already sent
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+
+## [1.4.3] - 2022-05-13
+
+### Fixed
+- Do not bounce if headers are already sent
+
 ## [1.4.2] - 2022-05-13
 
 ### Added
diff --git a/crowdsec.php b/crowdsec.php
@@ -4,7 +4,7 @@
  * Plugin URI: https://github.com/crowdsecurity/cs-wordpress-bouncer
  * Description: Safer Together. Protect your WordPress application with CrowdSec.
  * Tags: crowdsec-bouncer, wordpress, security, firewall, captcha, ip-scanner, ip-blocker, ip-blocking, ip-address, ip-database, ip-range-check, crowdsec, ban-hosts, ban-management, anti-hacking, hacker-protection, captcha-image, captcha-generator, captcha-generation, captcha-service
- * Version: 1.4.2
+ * Version: 1.4.3
  * Author: CrowdSec
  * Author URI: https://www.crowdsec.net/
  * Github: https://github.com/crowdsecurity/cs-wordpress-blocker
@@ -13,7 +13,7 @@
  * Requires PHP: 7.2
  * Requires at least: 4.9
  * Tested up to: 5.9
- * Stable tag: 1.4.2
+ * Stable tag: 1.4.3
  * Text Domain: crowdsec-wp
  * First release: 2021.
  */
diff --git a/inc/Bounce.php b/inc/Bounce.php
@@ -317,6 +317,10 @@ public function sendResponse(?string $body, int $statusCode = 200): void
 
     public function safelyBounce(array $configs): bool
     {
+        if (headers_sent()) {
+            // We cannot start session when headers already sent
+            return false;
+        }
         // If there is any technical problem while bouncing, don't block the user. Bypass boucing and log the error.
         set_error_handler(function ($errno, $errstr) {
             throw new BouncerException("$errstr (Error level: $errno)");
diff --git a/inc/constants.php b/inc/constants.php
@@ -8,6 +8,6 @@ function crowdsecDefineConstants(string $crowdsecRandomLogFolder)
         define('CROWDSEC_DEBUG_LOG_PATH', __DIR__."/../logs/$crowdsecRandomLogFolder/debug.log");
         define('CROWDSEC_CACHE_PATH', __DIR__.'/../.cache');
         define('CROWDSEC_CONFIG_PATH', __DIR__.'/standalone-settings.php');
-        define('CROWDSEC_BOUNCER_USER_AGENT', 'WordPress CrowdSec Bouncer/v1.4.2');
+        define('CROWDSEC_BOUNCER_USER_AGENT', 'WordPress CrowdSec Bouncer/v1.4.3');
     }
 }
diff --git a/readme.txt b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://crowdsec.net/
 Tags: crowdsec-bouncer, wordpress, security, firewall, captcha, ip-scanner, ip-blocker, ip-blocking, ip-address, ip-database, ip-range-check, crowdsec, ban-hosts, ban-management, anti-hacking, hacker-protection, captcha-image, captcha-generator, captcha-generation, captcha-service
 Requires at least: 4.9
 Tested up to: 5.9
-Stable tag: 1.4.2
+Stable tag: 1.4.3
 Requires PHP: 7.2
 License: MIT
 License URI: https://opensource.org/licenses/MIT

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,6 @@ function crowdsecDefineConstants(string $crowdsecRandomLogFolder)`
`8`	`8`	`define('CROWDSEC_DEBUG_LOG_PATH', __DIR__."/../logs/$crowdsecRandomLogFolder/debug.log");`
`9`	`9`	`define('CROWDSEC_CACHE_PATH', __DIR__.'/../.cache');`
`10`	`10`	`define('CROWDSEC_CONFIG_PATH', __DIR__.'/standalone-settings.php');`
`11`		`- define('CROWDSEC_BOUNCER_USER_AGENT', 'WordPress CrowdSec Bouncer/v1.4.2');`
	`11`	`+ define('CROWDSEC_BOUNCER_USER_AGENT', 'WordPress CrowdSec Bouncer/v1.4.3');`
`12`	`12`	`}`
`13`	`13`	`}`