[question] Why do the File\Extension validator validate the presence of a file?

Question

[question] Why do the File\Extension validator validate the presence of a file?

Closed this issue 7 years ago · 0 comments

Is it really the job of the File\Extension validator to check that the file exists? Especially given that there already is a File\Exists validator.

I'm trying to write some tests for a class which inherits File\Extension, but the fact that the validator checks that the file exists makes it harder than I think it should be.

My problem is with these lines:

    // Is file readable ?
    if (empty($file) || false === stream_resolve_include_path($file)) {
        $this->error(self::NOT_FOUND);
        return false;
    }

A related question is why File\Extension uses stream_resolve_include_path instead of is_readable to check that the file exists. I can't think of a use case where you'd want to look in the include paths. To me it looks borderline security related, even though I can't think of a concrete threat right now.