On Wed, Dec 2, 2020 at 10:21 AM Aimeos | Norbert Sendetzky <
norb...@aimeos.com> wrote:

> On 01.12.20 at 18:24, Christoph M. Becker wrote:
> > On 01.12.2020 at 18:18, Aimeos | Norbert Sendetzky wrote:
> >
> >> PHP 8 is stricter in checking input data than PHP 7. This is good but
> >> has some side effects for is_file(), is_dir() and similar functions when
> >> invalid paths are passed for checking.
> >>
> >> In PHP 7, this returns FALSE:
> >>
> >> php -r 'var_dump(is_file("ab\0c"));'
> >>
> >> In PHP 8, the same code throws a ValueException. Problem is now that
> >> it's not possible to check upfront if the passed argument is a valid
> >> path to avoid the exception being thrown.
> >
> > This is only about the NUL byte in the filename.  You can easily check
> > for that yourself. :)
>
> If it's the only check that would throw a ValueException, then yes -
> even if I think that is_file() should only return true/false to avoid
> blown up code for checks that should be done by is_file().
>
> Now have a look at GD imagecreatefromstring() which has almost the same
> issue. If you use:
>
> php -r 'var_dump(imagecreatefromstring("some data"));'
>
> you will get in PHP 7:
>
> PHP Warning:  imagecreatefromstring(): Empty string or invalid image in
> Command line code on line 1
> PHP Stack trace:
> PHP   1. {main}() Command line code:0
> PHP   2. imagecreatefromstring() Command line code:1
> Command line code:1:
> bool(false)
>
> and in PHP 8:
>
> PHP Fatal error:  Uncaught ValueError: imagecreatefromstring(): Argument
> #1 ($data) cannot be empty in Command line code:1
> Stack trace:
> #0 Command line code(1): imagecreatefromstring()
> #1 {main}
>   thrown in Command line code on line 1
>
> How would you check the string upfront to be a valid image to avoid the
> ValueException there?
>
> Also, the error in PHP 8 is wrong because the string isn't empty but not
> a valid image or not supported by GD.
>

This was an implementation error, fixed in
https://github.com/php/php-src/commit/a89aaf6c386679492e814cfbb5790142e29692fe.
Thanks for the report!

Nikita
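
The up-front NUL-byte check suggested in the thread, combined with a catch for the ValueError described for PHP 8, as an added example that is not code from any participant in this thread. The helper names `safeIsFile()` and `safeImageFromString()` are hypothetical, the sample inputs are constructed, and the image part assumes the GD extension with PNG support.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: is_file() for untrusted input that never throws.
function safeIsFile(string $path): bool
{
    // A NUL byte can never be part of a valid path; reject it up front.
    if ($path === '' || strpos($path, "\0") !== false) {
        return false;
    }
    try {
        return is_file($path);
    } catch (ValueError $e) {
        // Defensive: any other argument PHP 8 refuses counts as "not a file".
        return false;
    }
}

// Hypothetical helper: returns a GD image, or null when the bytes are unusable.
function safeImageFromString(string $data)
{
    if ($data === '') {
        return null;
    }
    try {
        // @ silences the "invalid image" warning; failure is reported as false.
        $img = @imagecreatefromstring($data);
    } catch (ValueError $e) {
        return null;
    }
    return $img === false ? null : $img;
}

// Constructed sample inputs.
var_dump(safeIsFile("ab\0c"));
var_dump(safeIsFile(__FILE__));

if (function_exists('imagecreatefromstring')) {
    // Build a valid 1x1 PNG in memory to exercise the success path.
    ob_start();
    imagepng(imagecreatetruecolor(1, 1));
    $png = ob_get_clean();
    var_dump(safeImageFromString('some data') === null);
    var_dump(safeImageFromString($png) !== null);
}
```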
