Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:112467 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 95445 invoked from network); 8 Dec 2020 16:47:45 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 8 Dec 2020 16:47:45 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id DC4501804DD for ; Tue, 8 Dec 2020 08:16:56 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-qv1-f51.google.com (mail-qv1-f51.google.com [209.85.219.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 8 Dec 2020 08:16:56 -0800 (PST) Received: by mail-qv1-f51.google.com with SMTP id a13so3363417qvv.0 for ; Tue, 08 Dec 2020 08:16:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=newclarity-net.20150623.gappssmtp.com; s=20150623; h=from:content-transfer-encoding:mime-version:subject:date:references :to:in-reply-to:message-id; bh=Uym3ZOw5g8GGftoQm3BHXOhHHeTe0erkXjPwPvP2eWE=; b=xH6MOWLkGcrvMjCCeeLuutBAlkjJnUB92sZKRjnofvfk4NxDTlGIhxIra+ZFEsJbNB QoRpikASjoBdD57phCvQRwA/R9TJIocFBKVpQFU7zf/qPsCfqK/w12goSheJ9Ahrx0Cn xbple+3Pz+0KyzFWfV0rkKeEK1HVfQzUlYUETICLFUJMS+CUAPPNPyGNFsjEr1QZ+W1w HayyxfL5oqQIWEL7pxQoLZHJGhMM69L6Stq0VwRHVYXi+FoPOQUDpdJo5n07u+kP0YKs IaohPXovMy2KUGWFHViekZn2padZJScZCXkEvd0+CTQWCPOZ5dc9gWJeC7niP1CtmXGM gHyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:date:references:to:in-reply-to:message-id; bh=Uym3ZOw5g8GGftoQm3BHXOhHHeTe0erkXjPwPvP2eWE=; b=iFQ5S1T1wdR22OEwr4uSHjDkmwh3bBn6X4RCGGkm7wd+wa9PFDKWrBFNBZWMVFgMh0 64eMp7FH7wfwptD3WKBzN0jRmzHA+Vqfq+vmOzRjoWdCTQ8NuzilfatU6IMsIlZzotqQ h1TkYDa2Fo5cOx5hjUiW6uL7SJM42L5RvR+iEaGyvVMtc5DRXRDrosIx4caqnTyw2yer IBVA0ap5a4xUikl3Awy3y/DOyx3Bgg20xKHYCOuCfyXjKyFas9CgFPao6bRY0SHgweY1 0ncagbeqjlSYRkdMGp4cyLxmDwDa/+wZ6CrcKwICTL843Ztwm6jw+XO/CmX2u5+qJbkG Hq6g== X-Gm-Message-State: AOAM53192S6a8eaYnTIybAR5VdH+g1D0np3CiREXLlgHTnrXRL0DPF8x gITbUVOwOqJ/EUXJg5yjE9YLpKN6ihAL+JVa X-Google-Smtp-Source: ABdhPJwqJlVixN0TOxP9dZ2hIoO2iGTpGaCuxfC+BfrfB6SAsetHq9FtbRcOgRbq2hGgPWmI6kGPpw== X-Received: by 2002:a0c:9003:: with SMTP id o3mr27992521qvo.62.1607444212544; Tue, 08 Dec 2020 08:16:52 -0800 (PST) Received: from [192.168.1.226] (c-24-98-254-8.hsd1.ga.comcast.net. [24.98.254.8]) by smtp.gmail.com with ESMTPSA id 6sm4055967qko.3.2020.12.08.08.16.51 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 Dec 2020 08:16:51 -0800 (PST) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Date: Tue, 8 Dec 2020 11:16:50 -0500 References: To: PHP internals In-Reply-To: Message-ID: X-Mailer: Apple Mail (2.3608.120.23.2.4) Subject: Re: [PHP-DEV] PHP 8 is_file/is_dir input handling From: mike@newclarity.net (Mike Schinkel) > On Dec 1, 2020, at 12:18 PM, Aimeos | Norbert Sendetzky = wrote: >=20 > Hi internals >=20 > PHP 8 is stricter in checking input data then PHP 7. This is good but > has some side effects for is_file(), is_dir() and similar functions = when > invalid paths are passed for checking. >=20 > In PHP 7, this returns FALSE: >=20 > php -r 'var_dump(is_file("ab\0c"));' >=20 > In PHP 8, the same code throws a ValueException. Problem is now that > it's not possible to check upfront if the passed argument is a valid > path to avoid the exception being thrown. >=20 > My suggestion for simpler client side code would be to return FALSE in > this situation for PHP 8 too instead of throwing the ValueException. > Otherwise, it's not possible to use is_file() and related functions > without adding a try/catch block around in any web application. >=20 This is a general case of throwing exceptions in PHP whenever an = unwanted condition occurs, especially where code previously did not = throw an exception. The two schools of thought for error handling could be classified as: 1.) Throw for every unwanted condition and then handle later in a catch = block, and=20 2.) Handle every unwanted condition at the point it is discovered. =20 Some believe only one strategy is valid but others disagree, so I argue = there is no settled best practice. When a PHP function throws an error if forces developers to wrap in = try/catch, and the more functions throwing errors the more wrapping is = needed. Especially when the function could just have returned a false. It is extremely easy to throw an Exception for is_file() when try/catch = is needed, which is rare that an exception is needed for \0. When following best practices, having is_file() throw adds complexity to = every is_file() call, or developers to create their own safe_is_file() = as mentioned in the thread. In summary: 1. Please consider making is_file() return false for an embedded \0 and = no longer throw an exception or generate a warning. 2. Beyond is_file(), please consider allowing PHP to support both types = of error handling strategies without forcing complexity just to use the = 2nd strategy. -Mike=