Hi!

> yeah, you should think about external input *before* doing anything with it, always! if you pass a random path with NULL you did not do anything to validate the input

Yes, and? is_file should be safe (as in, not exploding and breaking the whole app) on any input (leaving typing discussion aside, any string input). It should return true if the input is a name of an existing file, false otherwise. It's simple, no?

> millions of security issues in whatever programming language are the result of "I throw the input somewhere and don't mind"

This is a general banality which is not applicable to this specific function. Sure, there are security issues that come from input validation failure. It is not the case here. As somebody who added those checks in most of the code personally, I can tell you not bailing out but returning false on is_file would not make security of this function worse in any way.

I know why it happens - because it has been treated as a type error (which was a nice hack but in retrospect probably not the most correct way) and then we decided to make type error throw and the fact that this is not actually a type came to bite us in the butt. I think the solution for this is to refactor this code and separate null checks from type checks. It was a nice hack for the time, but its time has expired.

> if you ever reach that exception you have a stacktrace up to the point where you should have stopped proceeding at all

Nope, there's no reason to stop processing when I check whether a random string signifies valid files. There might be a reason to stop processing later, after I discovered it is not, or continue processing, depending on the code intent - e.g. use alternative filename, or the default, or different code path. Exploding functions take this ability from me as an author of the code. So I will be forced to take it back by replacing every use of is_file with safe_is_file which would catch the exception and return false. Which just adds work for me which I didn't have to do before. That's not how the language should evolve - it shouldn't make things that are now easy harder.
--
Stas Malyshev
smalys...@gmail.com

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
