Fix raw endpoint: strip leading blank lines/BOM and clear stray output #17
Description
Hi there :)
I ran into an issue with the raw view: the response sometimes starts with a few blank lines before the actual paste content (e.g. before a CSV header line). You can see it with:
curl -s 'https://<site>/paste.php?raw&id=<id>' | head -n 10 | cat -n
Lines 1–3 can be empty, then the real content begins.
Why this matters
Some consumers of the raw endpoint (scripts, CSV parsers, automation) expect the first line to be meaningful (e.g. a header row). Leading CR/LF or a UTF-8 BOM can introduce empty lines and break parsers.
Likely cause
This looks like “stray output” happening before the raw response is emitted (whitespace/BOM from an include, or output buffers already open), and/or a BOM + leading newlines at the start of the stored content.
Suggested fix
Harden rawView() so the raw endpoint is reliably “clean”:
- Clear any existing output buffers (to remove accidental whitespace/BOM output)
- Strip an optional UTF-8 BOM + leading newlines only at the beginning
- Send
text/plainand echo the content
Example patch:
function rawView(int $paste_id, string $p_title, string $p_content, string $p_code): bool
{
if (!$paste_id || !$p_code || !$p_content) {
header('HTTP/1.1 404 Not Found');
return false;
}
// Clear any stray output (whitespace/BOM from includes, etc.)
if (function_exists('ob_get_level')) {
while (ob_get_level() > 0) { @ob_end_clean(); }
}
// Remove optional UTF-8 BOM and leading newlines only
$p_content = preg_replace("/\A(?:\xEF\xBB\xBF)?[\r\n]+/u", "", $p_content);
header('Content-Type: text/plain; charset=utf-8');
echo $p_content;
return true;
}This does not alter the paste body, only cleans what can appear before the content.
- If you want, I can open a PR with the exact diff.
Thanks again for sharing and maintaining this project - it’s really appreciated. :))