Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:112335
Return-Path: <norbert@aimeos.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 76599 invoked from network); 1 Dec 2020 18:07:35 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 1 Dec 2020 18:07:35 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 1A4701804C4
	for <internals@lists.php.net>; Tue,  1 Dec 2020 09:35:04 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE,SPF_NONE autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <norbert@aimeos.com>
Received: from dd46610.kasserver.com (dd46610.kasserver.com [85.13.163.220])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue,  1 Dec 2020 09:35:03 -0800 (PST)
Received: from [192.168.178.23] (dynamic-077-008-005-013.77.8.pool.telefonica.de [77.8.5.13])
	by dd46610.kasserver.com (Postfix) with ESMTPSA id 3EB725F809EE;
	Tue,  1 Dec 2020 18:35:02 +0100 (CET)
To: "Christoph M. Becker" <cmbecker69@gmx.de>,
 PHP internals <internals@lists.php.net>
References: <b845d5bf-63da-d564-1f0f-cc934188d693@aimeos.com>
 <b546b5bf-27f8-62cc-cc4b-d859132998a4@gmx.de>
Organization: Aimeos GmbH
Message-ID: <0774c293-afd7-d8b9-175f-217ed600d1ea@aimeos.com>
Date: Tue, 1 Dec 2020 18:35:01 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <b546b5bf-27f8-62cc-cc4b-d859132998a4@gmx.de>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Subject: Re: PHP 8 is_file/is_dir input handling
From: norbert@aimeos.com (Aimeos | Norbert Sendetzky)

Am 01.12.20 um 18:24 schrieb Christoph M. Becker:
>> In PHP 7, this returns FALSE:
>>
>> php -r 'var_dump(is_file("ab\0c"));'
>>
>> In PHP 8, the same code throws a ValueException. Problem is now that
>> it's not possible to check upfront if the passed argument is a valid
>> path to avoid the exception being thrown.
> 
> This is only about the NUL byte in the filename.  You can easily check
> for that yourself. :)

There may be other checks that will throw a ValueException. I'm not sure
how it's implemented in detail because the filestat.c file doesn't
thrown an exception at all:

https://github.com/php/php-src/blob/1e9db80d7264911fa4089cb7e4b3dc7f97b19c6e/ext/standard/filestat.c

Can you tell me how you would check for NULL bytes?

Best,


Norbert