On 01.12.2020 at 19:38, Aimeos | Norbert Sendetzky wrote: > Am 01.12.20 um 19:23 schrieb G. P. B.: > >> So why having is_file()/is_dir() throw a warning for the past 8 years >> (since PHP 5.4) a non-issue? Because by that logic it shouldn't >> have been emitting warnings either. >> Would it have been fine if this would have been a TypeError as it was >> originally intended? >> Is a warning fine because null bytes indicate a potential attack as in no >> sane >> context should null bytes be passed around? >> >> I don't personally *care* that it throws a ValueError, but why is this >> issue only >> brought up *now* when it should have been shouting for 8 years and is >> either an >> indication of a bug or of something larger at play. > > Keep cool, the code we are currently using is similar to this one: > > if( @is_file( $data ) === false ) { > throw new \Aimeos\MW\Exception( 'Invalid file' ); > } > > We use the silence operator to suppress the warning so we can throw our > own exception in a clean way. Now, with support for PHP 8 it would be:
However, if $data contains a NUL byte, no exception would be thrown, since is_file() returned NULL in that case. Regards, Christoph -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php