Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:112356 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 16475 invoked from network); 1 Dec 2020 20:38:56 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 1 Dec 2020 20:38:56 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 0A5451804C3 for ; Tue, 1 Dec 2020 12:06:27 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-pg1-f176.google.com (mail-pg1-f176.google.com [209.85.215.176]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 1 Dec 2020 12:06:26 -0800 (PST) Received: by mail-pg1-f176.google.com with SMTP id k11so1861590pgq.2 for ; Tue, 01 Dec 2020 12:06:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:references:from:subject:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=UVxS0MTs8l0TeVNcaDUsgZrC3ymBsyqWsTNzk25JWjQ=; b=f2EDRVF0Z9VIA6lxiGmUwsY25d1YaAk+pqO+TQss/ZiJHviNU0rIv9TgjC9/DDDmmJ raaglhAwZjz/GwbrUJSiGwRGbNvZKOSYtdH0IoEbPp62zgXiSkuxsCoM0+4mV1Vf9cMc huVUxhPByQV9rVGytSXjwwMEo97RoV2+b2oqLmVgmmiDaBBYLnqvyhR8KiXcuvFTEKcX qpO/2Hoi0tzm3nNC0epJBoa1m1psNAMUegGyBIhwjQrh7YatRQm+1oGneYWpOl55Utot gFV/zHrWMKizlUgNZDIKAXW/G2loGjDRoCEtmBFDd6WAqJpCR5QvpylxZxeV6/X2TPYl m86Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:references:from:subject:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=UVxS0MTs8l0TeVNcaDUsgZrC3ymBsyqWsTNzk25JWjQ=; b=WpTVnVOcPjRzwiOd826CaMXlOHMOgOTLI7YKh/z0+xjYg95uCt8FpXMHXi0KkUIsSM sJgX6jMhFsGNO5CVJpQS3AnxGeBdrkAhmsEuEs0ePx1sl7F6ewWHA4CHW7kKjSf3sIYP iQPLpp4pihy537IblL2pY5UGx43eXOX8e56/sw32pDWCAKdzoALhcNVTiWAY8JzBfHO8 8wBli8yzwRxDN36I+fjNzS45AhV3+etjH2rjL/3cP8FeUP5OD6Wkfur2IpVArYMsq0ie aBGO646MXcfosUSYhOGuW3zkaJmd7uVXwbzIi3JTO8EHgeywH2wRw3no1lu4Eg4zrF/l PzNQ== X-Gm-Message-State: AOAM532UntTtoN8oFpl5VkiSUAsSKNgKd5lvwWQcjLiPJHE7SeGR0hTq d49qUwfz0DKVEcbH5c0UutJhUB5dypns X-Google-Smtp-Source: ABdhPJw9n6F8HNGzo/gN/QwkB+N+ro/HFiSVY511679vshJPzxtkD+ukjI78Jb63Vhzqf/Pt2MSoFA== X-Received: by 2002:aa7:8297:0:b029:198:15b2:ed0a with SMTP id s23-20020aa782970000b029019815b2ed0amr4056304pfm.47.1606853184032; Tue, 01 Dec 2020 12:06:24 -0800 (PST) Received: from Stas-Mac-3.local (ec2-44-226-106-152.us-west-2.compute.amazonaws.com. [44.226.106.152]) by smtp.gmail.com with ESMTPSA id i10sm576604pfq.189.2020.12.01.12.06.23 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 01 Dec 2020 12:06:23 -0800 (PST) To: PHP Internals References: <0774c293-afd7-d8b9-175f-217ed600d1ea@aimeos.com> <29529061-dc71-c759-590a-b4786936f8c5@aimeos.com> <96e40442-a649-f9af-a0cc-dd43cfd1bd0c@gmx.de> Message-ID: Date: Tue, 1 Dec 2020 12:06:22 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Subject: Re: [PHP-DEV] Re: PHP 8 is_file/is_dir input handling From: smalyshev@gmail.com (Stanislav Malyshev) Hi! > First, assuming that a null byte in a file name *is* an error condition, is > the PHP 8 behavior better than in PHP 7? I think the answer to this one is > very clearly "yes". The above code snippet and the subtle way in which it For me as a user that would be a very clear "no". Now if I have any usage of these functions in my existing code, I have to go and replace them with safe wrapper to ensure it doesn't bail out in random places. It may be the same for functions like fopen() where you have to error-check anyway, but for functions like is_* it's strictly worse. In fact, I am struggling to find a scenario where it's better for me as a user from the code robustness PoV - it's either the same or worse. > is broken is a great illustration of that. PHP 8 makes it obvious that the > cited code is incorrect. But it's not incorrect. if is_file("abc\0") returns false, it's correct - "abc\0" is not a correct filename, so I expect it to return false. It does exactly what I need, so it's correct. > Second, should a null byte in a file name be an error condition in the > first place? This is a point I'm not sure about. It would certainly be > possible to treat paths containing null bytes as non-existing paths, and > abstract away the fact that paths cannot contain null bytes, and that this > is a common attack vector. > > I'd personally lean towards not considering null bytes an error condition. This is a kind of philosophical question, like whether or not trying to open a file that doesn't exist is an "error condition". Throw-happy languages like Java think it is, other languages like C or PHP treat it in different way. But I think in any case what we've got in 8 with is_* is not an improvement. -- Stas Malyshev smalyshev@gmail.com