headers_sent - PHP code example

The php Function Headers_Sent

The php function headers_sent checks if and where the HTTP headers have been sent. It is an important function to call before any output is sent, whether it be via a normal HTML tag or a blank line in a PHP file.

It can be helpful for debugging error messages or to see what the source of an exception is, especially if it is related to PHP parsing. It can be a bug in the underlying code or just an unintended consequence of how something is done, like a print statement or whitespace outside of PHP tags, which can cause the headers to be sent prematurely.

This is the function to call if you are getting errors related to the header() function, where you are getting a message that it has already been sent or that it is missing a value for one of its parameters. It can also help prevent some errors that would otherwise be triggered by the header() function, like when sending a Location header and continuing to parse the script after it has been redirected, which wastes system resources and may cause people to see pages they should not be seeing.

The parameters that can be passed into the headers_sent function are as follows. The replace parameter shows whether the present header should replace a previous similar-looking header or add a second header (default is True). The http_response_code is an optional field that forces additional headers of the same kind. The other two are a file name and a line number where the output started.

headers_sent example

/** * Handles _deprecated_function() errors. * * @since 4.4.0 * * @param string $function_name The function that was called. * @param string $replacement The function that should have been called. * @param string $version Version. */
function rest_handle_deprecated_function( $function_name, $replacement, $version ) {
    if ( ! WP_DEBUG || headers_sent() ) {
        return;
    }
    if ( ! empty( $replacement ) ) {
        /* translators: 1: Function name, 2: WordPress version number, 3: New function name. */
        $string = sprintf( __( '%1$s (since %2$s; use %3$s instead)' ), $function_name, $version, $replacement );
    } else {
        /* translators: 1: Function name, 2: WordPress version number. */
        $string = sprintf( __( '%1$s (since %2$s; no alternative available)' ), $function_name, $version );
    }

    header( sprintf( 'X-WP-DeprecatedFunction: %s', $string ) );
}

    public function reset(): void
    {
        if (\PHP_SESSION_ACTIVE === session_status()) {
            session_abort();
        }

        session_unset();
        $_SESSION = [];

        if (!headers_sent()) { // session id can only be reset when no headers were so we check for headers_sent first             session_id('');
        }
    }

    /** * Gets the session object. */
    abstract protected function getSession(): ?SessionInterface;

    private function getSessionOptions(array $sessionOptions): array
    {

        if (!$id) {
            $id = $this->_makeId();
            if (!$id) {
                return false;
            }
        }
        $array = $this->load($id);
        if ($array !== false) {
            $data = $array['data'];
            $headers = $array['headers'];
            if (!headers_sent()) {
                foreach ($headers as $key=>$headerCouple) {
                    $name = $headerCouple[0];
                    $value = $headerCouple[1];
                    header("$name: $value");
                }
            }
            if ($this->_specificOptions['debug_header']) {
                echo 'DEBUG HEADER : This is a cached page !';
            }
            echo $data;
            if ($doNotDie) {

if (1 < count($vars)) {
            return $vars;
        }

        return $vars[$k];
    }
}

if (!function_exists('dd')) {
    function dd(mixed ...$vars): never
    {
        if (!in_array(\PHP_SAPI, ['cli', 'phpdbg'], true) && !headers_sent()) {
            header('HTTP/1.1 500 Internal Server Error');
        }

        if (array_key_exists(0, $vars) && 1 === count($vars)) {
            VarDumper::dump($vars[0]);
        } else {
            foreach ($vars as $k => $v) {
                VarDumper::dump($v, is_int($k) ? 1 + $k : $k);
            }
        }

function set_user_setting( $name, $value ) {
    if ( headers_sent() ) {
        return false;
    }

    $all_user_settings          = get_all_user_settings();
    $all_user_settings[ $name ] = $value;

    return wp_set_all_user_settings( $all_user_settings );
}

/** * Deletes user interface settings. * * Deleting settings would reset them to the defaults. * * This function has to be used before any output has started as it calls `setcookie()`. * * @since 2.7.0 * * @param string $names The name or array of names of the setting to be deleted. * @return bool|null True if deleted successfully, false otherwise. * Null if the current user is not a member of the site. */

echo "<link rel='shortlink' href='" . esc_url( $shortlink ) . "' />\n";
}

/** * Sends a Link: rel=shortlink header if a shortlink is defined for the current page. * * Attached to the {@see 'wp'} action. * * @since 3.0.0 */
function wp_shortlink_header() {
    if ( headers_sent() ) {
        return;
    }

    $shortlink = wp_get_shortlink( 0, 'query' );

    if ( empty( $shortlink ) ) {
        return;
    }

    header( 'Link: <' . $shortlink . '>; rel=shortlink', false );
}

abstract class AbstractSessionHandler implements \SessionHandlerInterface, \SessionUpdateTimestampHandlerInterface
{
    private string $sessionName;
    private string $prefetchId;
    private string $prefetchData;
    private ?string $newSessionId = null;
    private string $igbinaryEmptyData;

    public function open(string $savePath, string $sessionName): bool
    {
        $this->sessionName = $sessionName;
        if (!headers_sent() && !\ini_get('session.cache_limiter') && '0' !== \ini_get('session.cache_limiter')) {
            header(sprintf('Cache-Control: max-age=%d, private, must-revalidate', 60 * (int) \ini_get('session.cache_expire')));
        }

        return true;
    }

    abstract protected function doRead(#[\SensitiveParameter] string $sessionId): string;
    abstract protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool;
    abstract protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool;

            if ( $attachment && ( time() - strtotime( $attachment->post_date_gmt ) < 600 ) ) {
                wp_delete_attachment( $attachment_id, true );
                wp_send_json_success();
            }
        }
    }

    /* * Set a custom header with the attachment_id. * Used by the browser/client to resume creating image sub-sizes after a PHP fatal error. */
    if ( ! headers_sent() ) {
        header( 'X-WP-Upload-Attachment-ID: ' . $attachment_id );
    }

    /* * This can still be pretty slow and cause timeout or out of memory errors. * The js that handles the response would need to also handle HTTP 500 errors. */
    wp_update_image_subsizes( $attachment_id );

    if ( ! empty( $_POST['_legacy_support'] ) ) {
        // The old (inline) uploader. Only needs the attachment_id.

exit;
            }

            deactivate_plugins( $plugin, false, is_network_admin() );

            if ( ! is_network_admin() ) {
                update_option( 'recently_activated', array( $plugin => time() ) + (array) get_option( 'recently_activated' ) );
            } else {
                update_site_option( 'recently_activated', array( $plugin => time() ) + (array) get_site_option( 'recently_activated' ) );
            }

            if ( headers_sent() ) {
                echo "<meta http-equiv='refresh' content='" . esc_attr( "0;url=plugins.php?deactivate=true&plugin_status=$status&paged=$page&s=$s" ) . "' />";
            } else {
                wp_redirect( self_admin_url( "plugins.php?deactivate=true&plugin_status=$status&paged=$page&s=$s" ) );
            }
            exit;

        case 'deactivate-selected':
            if ( ! current_user_can( 'deactivate_plugins' ) ) {
                wp_die( __( 'Sorry, you are not allowed to deactivate plugins for this site.' ) );
            }

    public function getHttpResponseCode()
    {
        return $this->getStatusCode();
    }

    /** * {@inheritdoc} */
    public function canSendHeaders($throw = false)
    {
        $ok = headers_sent($file, $line);
        if ($ok && $throw && $this->headersSentThrowsException) {
            throw new RuntimeException('Cannot send headers; headers already sent in ' . $file . ', line ' . $line);
        }

        return !$ok;
    }

    /** * {@inheritdoc} */
    public function setBody($content, $name = null)
    {

/** * Contains the post embed header template * * When a post is embedded in an iframe, this file is used to create the header output * if the active theme does not include a header-embed.php template. * * @package WordPress * @subpackage Theme_Compat * @since 4.5.0 */

if ( ! headers_sent() ) {
header( 'X-WP-embed: true' );
}

?> <!DOCTYPE html> <html <?php language_attributes(); ?> class="no-js"> <head> <title><?php echo wp_get_document_title(); ?></title> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <?php /** * Prints scripts or data in the embed template head tag. * * @since 4.4.0 */

    $response = wp_remote_post( $url, $options );

    if ( $ssl && is_wp_error( $response ) ) {
        trigger_error(
            sprintf(
                /* translators: %s: Support forums URL. */
                __( 'An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the <a href="%s">support forums</a>.' ),
                __( 'https://wordpress.org/support/forums/' )
            ) . ' ' . __( '(WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.)' ),
            headers_sent() || WP_DEBUG ? E_USER_WARNING : E_USER_NOTICE
        );
        $response = wp_remote_post( $http_url, $options );
    }

    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return;
    }

    $body = trim( wp_remote_retrieve_body( $response ) );
    $body = json_decode( $body, true );

    // however the former calls session_regenerate_id(TRUE), which while     // destroying the current session creates a new ID; Drupal has historically     // decided to only set sessions when absolutely necessary (e.g., to increase     // anonymous user cache hit rates) and as such we cannot use the Symfony     // convenience method here.     session_destroy();

    // Unset the session cookies.     $session_name = $this->getName();
    $cookies = $this->requestStack->getCurrentRequest()->cookies;
    // setcookie() can only be called when headers are not yet sent.     if ($cookies->has($session_name) && !headers_sent()) {
      $params = session_get_cookie_params();
      setcookie($session_name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
      $cookies->remove($session_name);
    }
  }

  /** * {@inheritdoc} */
  public function setWriteSafeHandler(WriteSafeSessionHandlerInterface $handler) {
    $this->writeSafeHandler = $handler;
  }

public function start(): bool
    {
        if ($this->started) {
            return true;
        }

        if (\PHP_SESSION_ACTIVE === session_status()) {
            throw new \RuntimeException('Failed to start the session: already started by PHP.');
        }

        if (filter_var(\ini_get('session.use_cookies'), \FILTER_VALIDATE_BOOL) && headers_sent($file, $line)) {
            throw new \RuntimeException(sprintf('Failed to start the session because headers have already been sent by "%s" at line %d.', $file, $line));
        }

        $sessionId = $_COOKIE[session_name()] ?? null;
        /* * Explanation of the session ID regular expression: `/^[a-zA-Z0-9,-]{22,250}$/`. * * ---------- Part 1 * * The part `[a-zA-Z0-9,-]` is related to the PHP ini directive `session.sid_bits_per_character` defined as 6. * See https://www.php.net/manual/en/session.configuration.php#ini.session.sid-bits-per-character. * Allowed values are integers such as: * - 4 for range `a-f0-9` * - 5 for range `a-v0-9` * - 6 for range `a-zA-Z0-9,-` * * ---------- Part 2 * * The part `{22,250}` is related to the PHP ini directive `session.sid_length`. * See https://www.php.net/manual/en/session.configuration.php#ini.session.sid-length. * Allowed values are integers between 22 and 256, but we use 250 for the max. * * Where does the 250 come from? * - The length of Windows and Linux filenames is limited to 255 bytes. Then the max must not exceed 255. * - The session filename prefix is `sess_`, a 5 bytes string. Then the max must not exceed 255 - 5 = 250. * * ---------- Conclusion * * The parts 1 and 2 prevent the warning below: * `PHP Warning: SessionHandler::read(): Session ID is too long or contains illegal characters. Only the A-Z, a-z, 0-9, "-", and "," characters are allowed.` * * The part 2 prevents the warning below: * `PHP Warning: SessionHandler::read(): open(filepath, O_RDWR) failed: No such file or directory (2).` */