Newsgroups: php.internals
Date: Fri, 3 Sep 2021 18:02:04 +0200
Subject: Re: [PHP-DEV] Adding a way to disable the stat cache
From: cschneid@cschneid.com (Christian Schneider)
To: PHP internals
Message-ID: <569E3A48-E3F5-46FA-BA08-D2493CE4FD33@cschneid.com>
References: <0A048A30-444F-4DB0-A79C-9EA9BD07B1EC@cschneid.com>

On 03.09.2021 at 17:23, Nikita Popov wrote:
> Just to throw it out there: Maybe we should clear the stat cache when
> functions in the exec family are used? Even if we allow disabling the
> stat cache, I think we can easily avoid that particular footgun. And if
> calls to external binaries are involved we likely don't have to worry
> about stat overhead.

While this would make the foot gun a bit smaller it introduces more magic.
I'm not completely against it but it feels dirty.

On top of that: I hope people using exec and friends are properly escaping parameters. Which in our case is a helper function where a clear_stat_cache() could easily be added in user land, making it explicit.

Side-note: We should teach people not to use exec-style functions when normal PHP functions work :-)

The following works fine:
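
Added example, not part of the original message and not the code the message refers to: a user-land helper of the kind described above, which escapes every argument and then clears the stat cache explicitly after the external command returns. The function name `run_command`, its signature, and the sample file are assumptions; a POSIX `sh` is assumed to be available.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical user-land helper (name and signature are assumptions).
 * Escapes the binary and every argument, runs the command, then drops
 * PHP's stat cache because the external program may have changed files.
 */
function run_command(string $binary, array $args, ?array &$output = null): int
{
    $cmd = escapeshellarg($binary);
    foreach ($args as $arg) {
        $cmd .= ' ' . escapeshellarg((string) $arg);
    }
    $output = [];
    $status = 0;
    exec($cmd, $output, $status);
    clearstatcache(true); // explicit, in user land; true also clears the realpath cache
    return $status;
}

// Constructed demonstration: an external process appends to a file
// whose size PHP has already looked up (and therefore cached).
$file = tempnam(sys_get_temp_dir(), 'stat');
file_put_contents($file, '12345');
$append = 'printf abc >> "$0"'; // "$0" is the file path passed after the script

$before = filesize($file); // populates the stat cache for $file

// Raw exec(): arguments escaped by hand, stat cache left untouched,
// so the next filesize() can be answered from the cached entry.
exec('sh -c ' . escapeshellarg($append) . ' ' . escapeshellarg($file));
$afterRawExec = filesize($file);

// Helper: same command, but the cache is cleared before we look again.
run_command('sh', ['-c', $append, $file]);
$afterHelper = filesize($file);

printf(
    "before=%d after raw exec=%d after helper=%d\n",
    $before,
    $afterRawExec,
    $afterHelper
);

unlink($file);
```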