[question] Why do the File\Extension validator validate the presence of a file?
Closed this issue · 0 comments
larsnystrom commented
Is it really the job of the File\Extension
validator to check that the file exists? Especially given that there already is a File\Exists
validator.
I'm trying to write some tests for a class which inherits File\Extension
, but the fact that the validator checks that the file exists makes it harder than I think it should be.
My problem is with these lines:
// Is file readable ?
if (empty($file) || false === stream_resolve_include_path($file)) {
$this->error(self::NOT_FOUND);
return false;
}
A related question is why File\Extension
uses stream_resolve_include_path
instead of is_readable
to check that the file exists. I can't think of a use case where you'd want to look in the include paths. To me it looks borderline security related, even though I can't think of a concrete threat right now.