Hi!

So why is having is_file()/is_dir() throw a warning for the past 8 years
(since PHP 5.4) a non-issue? Because by that logic it shouldn't

Warning is a debugging functionality. Throwing is breaking the app and stopping the whole process. There's a fundamental difference between the two.

Would it have been fine if this would have been a TypeError as it was
originally intended?

It's not a type error. PHP does not support such types. "string that is a valid filename" is not a type in PHP, thus TypeError would be misleading.

Is a warning fine because null bytes indicate a potential attack as in no
sane context should null bytes be passed around?

A warning is fine because it does what it's supposed to do - fails the is_file check (which is literally only there to check if this string specifies a valid filename) while not breaking the app. Exception breaks the app.

So what we'll be seeing very soon is people creating userspace safe_is_* wrappers that would work around this "functionality", working against the language instead of being helped by it. This is not how it should be.
--
Stas Malyshev
smalys...@gmail.com

--
PHP Internals - PHP Runtime Development Mailing List