Re: [PHP-DEV] Re: PHP 8 is_file/is_dir and imagecreatefromstring()

Wed, 02 Dec 2020 04:21:37 -0800 

so.. will the imagecreatefromstring() thing be fixed in 8.0.1 or 8.1.0 ?

On Wed, 2 Dec 2020 at 10:57, Nikita Popov <nikita....@gmail.com> wrote:
>
> On Wed, Dec 2, 2020 at 10:21 AM Aimeos | Norbert Sendetzky <
> norb...@aimeos.com> wrote:
>
> > Am 01.12.20 um 18:24 schrieb Christoph M. Becker:
> > > On 01.12.2020 at 18:18, Aimeos | Norbert Sendetzky wrote:
> > >
> > >> PHP 8 is stricter in checking input data then PHP 7. This is good but
> > >> has some side effects for is_file(), is_dir() and similar functions when
> > >> invalid paths are passed for checking.
> > >>
> > >> In PHP 7, this returns FALSE:
> > >>
> > >> php -r 'var_dump(is_file("ab\0c"));'
> > >>
> > >> In PHP 8, the same code throws a ValueException. Problem is now that
> > >> it's not possible to check upfront if the passed argument is a valid
> > >> path to avoid the exception being thrown.
> > >
> > > This is only about the NUL byte in the filename.  You can easily check
> > > for that yourself. :)
> >
> > If it's the only check that would throw a ValueException, then yes -
> > even if I think that is_file() should only return true/false to avoid
> > blown up code for checks that should be done by is_file().
> >
> > Now have a look at GD imagecreatefromstring() which has almost the same
> > issue. If you use:
> >
> > php -r 'var_dump(imagecreatefromstring('some data'));'
> >
> > you will get in PHP 7:
> >
> > PHP Warning:  imagecreatefromstring(): Empty string or invalid image in
> > Command line code on line 1
> > PHP Stack trace:
> > PHP   1. {main}() Command line code:0
> > PHP   2. imagecreatefromstring() Command line code:1
> > Command line code:1:
> > bool(false)
> >
> > and in PHP 8:
> >
> > PHP Fatal error:  Uncaught ValueError: imagecreatefromstring(): Argument
> > #1 ($data) cannot be empty in Command line code:1
> > Stack trace:
> > #0 Command line code(1): imagecreatefromstring()
> > #1 {main}
> >   thrown in Command line code on line 1
> >
> > How would you check the string upfront to be a valid image to avoid the
> > ValueException there?
> >
> > Also, the error in PHP 8 is wrong because the string isn't empty but not
> > a valid image or not supported by GD.
> >
>
> This was an implementation error, fixed in
> https://github.com/php/php-src/commit/a89aaf6c386679492e814cfbb5790142e29692fe.
> Thanks for the report!
>
> Nikita

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

Reply via email to