Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:115935
Return-Path: <cschneid@cschneid.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 35703 invoked from network); 3 Sep 2021 15:25:37 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 3 Sep 2021 15:25:37 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 52161180511
	for <internals@lists.php.net>; Fri,  3 Sep 2021 09:02:07 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
	SPF_NONE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS1836 195.49.0.0/17
X-Spam-Virus: No
X-Envelope-From: <cschneid@cschneid.com>
Received: from darkcity.gna.ch (darkcity.gna.ch [195.49.47.11])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Fri,  3 Sep 2021 09:02:06 -0700 (PDT)
Received: from smtpclient.apple (unknown [IPv6:2a02:1205:502d:fa80:5cf1:8b5b:a823:3c77])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by darkcity.gna.ch (Postfix) with ESMTPSA id 31893151668F
	for <internals@lists.php.net>; Fri,  3 Sep 2021 18:02:04 +0200 (CEST)
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Date: Fri, 3 Sep 2021 18:02:04 +0200
References: <CADJ56BRPi_GHE7R70k-NdgQ6ea2ogLSe6Z6Eg-YGKpeYSmvhbQ@mail.gmail.com>
 <CAJvSBVP2pCT6wDNrpVDp=1_JQtrG=H2Y2fy8L-vcvgawhWstCw@mail.gmail.com>
 <CADJ56BSHDTZ86oRqMHfsB860WXsO3ORv7JVGArJx+Q7FN4nD5g@mail.gmail.com>
 <0A048A30-444F-4DB0-A79C-9EA9BD07B1EC@cschneid.com>
 <CADJ56BT=TDF2_fn5ci-=34cuMSeks5NzA4r5_5acVNum9PY_kw@mail.gmail.com>
 <CAF+90c-qjOvu6UefGGba2NdRkhRovWq1sUCOfs6+Odt1eLJm+Q@mail.gmail.com>
To: PHP internals <internals@lists.php.net>
In-Reply-To: <CAF+90c-qjOvu6UefGGba2NdRkhRovWq1sUCOfs6+Odt1eLJm+Q@mail.gmail.com>
Message-ID: <569E3A48-E3F5-46FA-BA08-D2493CE4FD33@cschneid.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Subject: Re: [PHP-DEV] Adding a way to disable the stat cache
From: cschneid@cschneid.com (Christian Schneider)

Am 03.09.2021 um 17:23 schrieb Nikita Popov <nikita.ppv@gmail.com>:
> Just to throw it out there: Maybe we should clear the stat cache when =
functions in the exec family are used? Even if we allow disabling the =
stat cache, I think we can easily avoid that particular footgun. And if =
calls to external binaries are involved we likely don't have to worry =
about stat overhead.

While this would make the foot gun a bit smaller it introduces more =
magic. I'm not completely against it but it feels dirty.
On top of that: I hope people using exec and friends are properly =
escaping parameters. Which in our case is a helper function where a =
clear_stat_cache() could easily be added in user land, making it =
explicit.

Side-note: We should teach people not to use exec style function when =
normal PHP functions work :-)
The following works fine:

<?php

touch("foo");
if (is_file('foo'))
    echo "Correct\n";

unlink("foo");
if (is_file('foo'))
    echo "Incorrect\n";

Sure, it was a contrived example but external programs should IMHO be =
avoided if (easily enough) possible.

But going back to the original topic: After thinking about it I'd rather =
completely remove the stat cache (after properly evaluating the impact) =
than adding a new mode to PHP. At least the behavior would then be a =
function of the PHP version, not the PHP version *and* an ini setting.

- Chris