[Blahagun]

normal.php is a perfectly valid php file. Sure, it doesn't contain php code but that doesn't make it invalid php file. If it did have <?php somewhere and if the following wasn't a syntactically valid PHP code, then you could say it's not a valid php file.

[sim7c00]

yeah ok fair point. from the interpreter perspective. but that is not the tool which checks security. in that context validity is determined by another tool, which will look beyond merely being interpretable by the php interpreter.

its funny often web basted languages have this property tho , i mean, how else you gonna poison logs and execute them :')... js and php are just adorable for providing opportunities :D