On Wed, Dec 2, 2020 at 10:21 AM Aimeos | Norbert Sendetzky < norb...@aimeos.com> wrote:
> Am 01.12.20 um 18:24 schrieb Christoph M. Becker: > > On 01.12.2020 at 18:18, Aimeos | Norbert Sendetzky wrote: > > > >> PHP 8 is stricter in checking input data then PHP 7. This is good but > >> has some side effects for is_file(), is_dir() and similar functions when > >> invalid paths are passed for checking. > >> > >> In PHP 7, this returns FALSE: > >> > >> php -r 'var_dump(is_file("ab\0c"));' > >> > >> In PHP 8, the same code throws a ValueException. Problem is now that > >> it's not possible to check upfront if the passed argument is a valid > >> path to avoid the exception being thrown. > > > > This is only about the NUL byte in the filename. You can easily check > > for that yourself. :) > > If it's the only check that would throw a ValueException, then yes - > even if I think that is_file() should only return true/false to avoid > blown up code for checks that should be done by is_file(). > > Now have a look at GD imagecreatefromstring() which has almost the same > issue. If you use: > > php -r 'var_dump(imagecreatefromstring('some data'));' > > you will get in PHP 7: > > PHP Warning: imagecreatefromstring(): Empty string or invalid image in > Command line code on line 1 > PHP Stack trace: > PHP 1. {main}() Command line code:0 > PHP 2. imagecreatefromstring() Command line code:1 > Command line code:1: > bool(false) > > and in PHP 8: > > PHP Fatal error: Uncaught ValueError: imagecreatefromstring(): Argument > #1 ($data) cannot be empty in Command line code:1 > Stack trace: > #0 Command line code(1): imagecreatefromstring() > #1 {main} > thrown in Command line code on line 1 > > How would you check the string upfront to be a valid image to avoid the > ValueException there? > > Also, the error in PHP 8 is wrong because the string isn't empty but not > a valid image or not supported by GD. > This was an implementation error, fixed in https://github.com/php/php-src/commit/a89aaf6c386679492e814cfbb5790142e29692fe. Thanks for the report! Nikita