Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

All other Modules /

Discuss all other Modules here.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Secure Files: failed to flush buffer


4 Posts   1379 Views


Community Member, 150 Posts

5 October 2010 at 8:21am

Edited: 05/10/2010 8:31am


I have setup a secured folder using your Secure Files module. I login with a user with access permissions to this secured folder and try to download an image within this folder. Next, the file is downloaded like thumb1.jpg.html (with html behind it) and when I open that html file I can see the error message below:

[Notice] ob_flush() [ref.outcontrol]: failed to flush buffer. No buffer to flush.

Line 170 in /Sites/


161       header("Content-Length: {$file_size}");
162       header("Pragma: ");
164       if(self::$use_x_sendfile) {
165          session_write_close();
166          header('X-Sendfile: '.$file_path);
167          exit();         
168       } elseif($filePointer = fopen($file_path, 'rb')) {
169          session_write_close();
170          ob_flush();
171          flush();
172          // Push the file while not EOF and connection exists
173          while(!feof($filePointer) && !connection_aborted()) {
174             print(fread($filePointer, 1024 * self::$chuck_size_kb));
175             ob_flush();
176             flush();

I have tested this with the following Secure Files _config.php:

* Secure Files Module Configuration
* @package securefiles
* @author Hamish Campbell <>
* @copyright copyright (c) 2010, Hamish Campbell

Director::addRules(50, array(ASSETS_DIR . '/$Action' => 'SecureFileController'));
// -------------------------------

* Apply optional permission methods here. Include them in the reverse
* order that you would like them to appear in the CMS.

// Assign file security by individual member:
DataObject::add_extension('File', 'SecureFileMemberPermissionDecorator');

// Assign file security by member group:
DataObject::add_extension('File', 'SecureFileGroupPermissionDecorator');

// Create time-limited access tokens:
// DataObject::add_extension('File', 'SecureFileTokenPermissionDecorator');

// -------------------------------
DataObject::add_extension('File', 'SecureFileDecorator');

* For large files or heavily trafficed sites use x-sendfile headers to by-pass
* file handling in PHP. Supported in lighttpd and in Apache with mod_xsendfile
* available at
// SecureFileController::use_x_sendfile_method();

* For testing or debug purposes, you can force this module to use the internal
* Sapphire send file method. Not recommended for production sites.
// SecureFileController::use_ss_sendfile_method();

PS. Am on localhost:8888 using MAMP.


Community Member, 150 Posts

5 October 2010 at 8:30am

PS. With use_x_sendfile_method() on, the file is downloaded as a JPG, but with zero Kb size. File can not be opened. This maybe because x-sendfile needs to be installed first...


Community Member, 712 Posts

5 October 2010 at 9:01am

Hi there,

That was a known bug in the current tagged versions where certain server configurations would cause errors. It's fixed in the trunk version (should be stable) but you might also be able to fix by disabling gzip for asset folders (not much to be gained by gzipping images/archives anyway).




Community Member, 150 Posts

5 October 2010 at 9:48am

Edited: 05/10/2010 9:49am

Thanks, Hamish for both answers! You're the best. Final Q: how do I disable gzip for asset folders? Apologies for (maybe) another non-developers question. PS. If you ever need something in the future (testing, NL translations), let me know!