On 01.12.20 at 21:06, Stanislav Malyshev wrote:
Hi!
First, assuming that a null byte in a file name *is* an error condition,
is the PHP 8 behavior better than in PHP 7? I think the answer to this
one is very clearly "yes". The above code snippet and the subtle way in which it
For me as a user that would be a very clear "no". Now if I have any
usage of these functions in my existing code, I have to go and replace
them with a safe wrapper to ensure it doesn't bail out in random places
yeah, you should think about external input *before* doing anything with
it, always! if you pass a random path with NULL you did not do anything
to validate the input
millions of security issues in whatever programming language are the
result of "i throw the input somewhere and don't mind"
if you ever reach that exception you have a stacktrace up to the point
where you should have stopped proceeding at all
--
PHP Internals - PHP Runtime Development Mailing List