Am 01.12.20 um 18:24 schrieb Christoph M. Becker:
> On 01.12.2020 at 18:18, Aimeos | Norbert Sendetzky wrote:
>
>> PHP 8 is stricter in checking input data then PHP 7. This is good but
>> has some side effects for is_file(), is_dir() and similar functions when
>> invalid paths are passed for checking.
>>
>> In PHP 7, this returns FALSE:
>>
>> php -r 'var_dump(is_file("ab\0c"));'
>>
>> In PHP 8, the same code throws a ValueException. Problem is now that
>> it's not possible to check upfront if the passed argument is a valid
>> path to avoid the exception being thrown.
>
> This is only about the NUL byte in the filename. You can easily check
> for that yourself. :)
If it's the only check that would throw a ValueException, then yes -
even if I think that is_file() should only return true/false to avoid
blown up code for checks that should be done by is_file().
Now have a look at GD imagecreatefromstring() which has almost the same
issue. If you use:
php -r 'var_dump(imagecreatefromstring('some data'));'
you will get in PHP 7:
PHP Warning: imagecreatefromstring(): Empty string or invalid image in
Command line code on line 1
PHP Stack trace:
PHP 1. {main}() Command line code:0
PHP 2. imagecreatefromstring() Command line code:1
Command line code:1:
bool(false)
and in PHP 8:
PHP Fatal error: Uncaught ValueError: imagecreatefromstring(): Argument
#1 ($data) cannot be empty in Command line code:1
Stack trace:
#0 Command line code(1): imagecreatefromstring()
#1 {main}
thrown in Command line code on line 1
How would you check the string upfront to be a valid image to avoid the
ValueException there?
Also, the error in PHP 8 is wrong because the string isn't empty but not
a valid image or not supported by GD.
Norbert
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
