ID: 45149
Comment by: mat at ucsc dot edu
Reported By: frode dot langvik at exense dot com
Status: No Feedback
Bug Type: Strings related
Operating System: *
PHP Version: 5.2.6
New Comment:
We are seeing this issue with base64_encode and base64_decode.
We have php 5.2.6 and the url string contains a '+' sign in the url
parameter, however, in php itself if we $_GET the same parameter the +
is replaced by a space. The base64_decode cannot use this value in php
5.2.6.
However, 5.0.4 (my other running reference) base64_decode can read the
blank. So the blank may be okay except that base64_decode seems to have
changed in the newer version.
Here is a test:
The url parameter is (has +):
YTozMDp7czo0OiJTVFJNIjtzOjQ6IjIxMDIiO3M6OToiQ0xBU1NfTkJSIjtzOjU6IjcyNTczIjtzOjEzOiJDTEFTU19TRUNUSU9OIjtzOjI6IjAxIjtzOjEzOiJDTEFTU19NVEdfTkJSIjtzOjE6IjEiO3M6MTI6IlNFU1NJT05fQ09ERSI7czoxOiIxIjtzOjEwOiJDTEFTU19TVEFUIjtzOjE6IkEiO3M6NzoiU1VCSkVDVCI7czo0OiJCSU9FIjtzOjExOiJDQVRBTE9HX05CUiI7czo0OiIgMTA3IjtzOjU6IkRFU0NSIjtzOjc6IkVjb2xvZ3kiO3M6MTM6IlNTUl9DT01QT05FTlQiO3M6MzoiTEVDIjtzOjEwOiJTVEFSVF9USU1FIjtzOjc6IjAyOjAwUE0iO3M6ODoiRU5EX1RJTUUiO3M6NzoiMDM6NDVQTSI7czo5OiJGQUNfREVTQ1IiO3M6MTQ6IkVpZ2h0IEFjYWQgMjQwIjtzOjM6Ik1PTiI7czoxOiJOIjtzOjQ6IlRVRVMiO3M6MToiWSI7czozOiJXRUQiO3M6MToiTiI7czo1OiJUSFVSUyI7czoxOiJZIjtzOjM6IkZSSSI7czoxOiJOIjtzOjM6IlNBVCI7czoxOiJOIjtzOjM6IlNVTiI7czoxOiJOIjtzOjk6IkVOUkxfU1RBVCI7czoxOiJPIjtzOjg6IldBSVRfVE9UIjtzOjE6IjAiO3M6ODoiRU5STF9DQVAiO3M6MjoiNzYiO3M6ODoiRU5STF9UT1QiO3M6MToiMCI7czo5OiJMQVNUX05BTUUiO3M6NToiTW9vcmUiO3M6MTA6IkZJUlNUX05BTUUiO3M6ODoiSm9uYXRoYW4iO3M6MTE6Ik1JRERMRV9OQU1FIjtzOjE6IlciO3M6MTY6IkNPTUJJTkVEX1NFQ1RJT04iO3M6MToiICI7czo1OiJUT1BJQyI7TjtzOjEyO!
iJESVNQTEFZX05BTUUiO3M6MjQ6IkVzdGVzLEouQS48YnI+TW9vcmUsSi5XLiI7fQ==
The $_GET value of this data dropps the + to look like this (in case
text wrap breaks on my space it is a space at column 1036):
YTozMDp7czo0OiJTVFJNIjtzOjQ6IjIxMDIiO3M6OToiQ0xBU1NfTkJSIjtzOjU6IjcyNTczIjtzOjEzOiJDTEFTU19TRUNUSU9OIjtzOjI6IjAxIjtzOjEzOiJDTEFTU19NVEdfTkJSIjtzOjE6IjEiO3M6MTI6IlNFU1NJT05fQ09ERSI7czoxOiIxIjtzOjEwOiJDTEFTU19TVEFUIjtzOjE6IkEiO3M6NzoiU1VCSkVDVCI7czo0OiJCSU9FIjtzOjExOiJDQVRBTE9HX05CUiI7czo0OiIgMTA3IjtzOjU6IkRFU0NSIjtzOjc6IkVjb2xvZ3kiO3M6MTM6IlNTUl9DT01QT05FTlQiO3M6MzoiTEVDIjtzOjEwOiJTVEFSVF9USU1FIjtzOjc6IjAyOjAwUE0iO3M6ODoiRU5EX1RJTUUiO3M6NzoiMDM6NDVQTSI7czo5OiJGQUNfREVTQ1IiO3M6MTQ6IkVpZ2h0IEFjYWQgMjQwIjtzOjM6Ik1PTiI7czoxOiJOIjtzOjQ6IlRVRVMiO3M6MToiWSI7czozOiJXRUQiO3M6MToiTiI7czo1OiJUSFVSUyI7czoxOiJZIjtzOjM6IkZSSSI7czoxOiJOIjtzOjM6IlNBVCI7czoxOiJOIjtzOjM6IlNVTiI7czoxOiJOIjtzOjk6IkVOUkxfU1RBVCI7czoxOiJPIjtzOjg6IldBSVRfVE9UIjtzOjE6IjAiO3M6ODoiRU5STF9DQVAiO3M6MjoiNzYiO3M6ODoiRU5STF9UT1QiO3M6MToiMCI7czo5OiJMQVNUX05BTUUiO3M6NToiTW9vcmUiO3M6MTA6IkZJUlNUX05BTUUiO3M6ODoiSm9uYXRoYW4iO3M6MTE6Ik1JRERMRV9OQU1FIjtzOjE6IlciO3M6MTY6IkNPTUJJTkVEX1NFQ1RJT04iO3M6MToiICI7czo1OiJUT1BJQyI7TjtzOjEyO!
iJESVNQTEFZX05BTUUiO3M6MjQ6IkVzdGVzLEouQS48YnI
TW9vcmUsSi5XLiI7fQ==
Using a bit of php one can try the base64_decode on both strings. It
will produce data with the +, but not with the space (5.2.6). Here is
the test case code with a space (be careful text will line break on the
space in some editors):
<?php //$Header: /opt/app/cvs/pisa/cs9/tst/sr9_2013/soc_detail.php,v
1.28 2009/10/28 21:52:44 pisa Exp $
$classdata =
'YTozMDp7czo0OiJTVFJNIjtzOjQ6IjIxMDIiO3M6OToiQ0xBU1NfTkJSIjtzOjU6IjcyNTczIjtzOjEzOiJDTEFTU19TRUNUSU9OIjtzOjI6IjAxIjtzOjEzOiJDTEFTU19NVEdfTkJSIjtzOjE6IjEiO3M6MTI6IlNFU1NJT05fQ09ERSI7czoxOiIxIjtzOjEwOiJDTEFTU19TVEFUIjtzOjE6IkEiO3M6NzoiU1VCSkVDVCI7czo0OiJCSU9FIjtzOjExOiJDQVRBTE9HX05CUiI7czo0OiIgMTA3IjtzOjU6IkRFU0NSIjtzOjc6IkVjb2xvZ3kiO3M6MTM6IlNTUl9DT01QT05FTlQiO3M6MzoiTEVDIjtzOjEwOiJTVEFSVF9USU1FIjtzOjc6IjAyOjAwUE0iO3M6ODoiRU5EX1RJTUUiO3M6NzoiMDM6NDVQTSI7czo5OiJGQUNfREVTQ1IiO3M6MTQ6IkVpZ2h0IEFjYWQgMjQwIjtzOjM6Ik1PTiI7czoxOiJOIjtzOjQ6IlRVRVMiO3M6MToiWSI7czozOiJXRUQiO3M6MToiTiI7czo1OiJUSFVSUyI7czoxOiJZIjtzOjM6IkZSSSI7czoxOiJOIjtzOjM6IlNBVCI7czoxOiJOIjtzOjM6IlNVTiI7czoxOiJOIjtzOjk6IkVOUkxfU1RBVCI7czoxOiJPIjtzOjg6IldBSVRfVE9UIjtzOjE6IjAiO3M6ODoiRU5STF9DQVAiO3M6MjoiNzYiO3M6ODoiRU5STF9UT1QiO3M6MToiMCI7czo5OiJMQVNUX05BTUUiO3M6NToiTW9vcmUiO3M6MTA6IkZJUlNUX05BTUUiO3M6ODoiSm9uYXRoYW4iO3M6MTE6Ik1JRERMRV9OQU1FIjtzOjE6IlciO3M6MTY6IkNPTUJJTkVEX1NFQ1RJT04iO3M6MToiICI7czo1OiJUT1BJQyI7TjtzOjEy!
OiJESVNQTEFZX05BTUUiO3M6MjQ6IkVzdGVzLEouQS48YnI
TW9vcmUsSi5XLiI7fQ==';
$class_result = base64_decode($classdata);
echo "<br/>After calling base64_decode ... <br/>";
echo '<pre>';
print_r($class_result);
echo '</pre>';
$class_result = unserialize($class_result);
echo "<br/>After unserialized ... <br/>";
echo '<pre>';
print_r($class_result);
echo "<br/>Start print class_resul ....<pre>";
print_r($class_result);
echo "</pre><br/>*****<br/>";
?>
Here is code with the + in the string:
<?php //$Header: /opt/app/cvs/pisa/cs9/tst/sr9_2013/soc_detail.php,v
1.28 2009/10/28 21:52:44 pisa Exp $
$classdata =
'YTozMDp7czo0OiJTVFJNIjtzOjQ6IjIxMDIiO3M6OToiQ0xBU1NfTkJSIjtzOjU6IjcyNTczIjtzOjEzOiJDTEFTU19TRUNUSU9OIjtzOjI6IjAxIjtzOjEzOiJDTEFTU19NVEdfTkJSIjtzOjE6IjEiO3M6MTI6IlNFU1NJT05fQ09ERSI7czoxOiIxIjtzOjEwOiJDTEFTU19TVEFUIjtzOjE6IkEiO3M6NzoiU1VCSkVDVCI7czo0OiJCSU9FIjtzOjExOiJDQVRBTE9HX05CUiI7czo0OiIgMTA3IjtzOjU6IkRFU0NSIjtzOjc6IkVjb2xvZ3kiO3M6MTM6IlNTUl9DT01QT05FTlQiO3M6MzoiTEVDIjtzOjEwOiJTVEFSVF9USU1FIjtzOjc6IjAyOjAwUE0iO3M6ODoiRU5EX1RJTUUiO3M6NzoiMDM6NDVQTSI7czo5OiJGQUNfREVTQ1IiO3M6MTQ6IkVpZ2h0IEFjYWQgMjQwIjtzOjM6Ik1PTiI7czoxOiJOIjtzOjQ6IlRVRVMiO3M6MToiWSI7czozOiJXRUQiO3M6MToiTiI7czo1OiJUSFVSUyI7czoxOiJZIjtzOjM6IkZSSSI7czoxOiJOIjtzOjM6IlNBVCI7czoxOiJOIjtzOjM6IlNVTiI7czoxOiJOIjtzOjk6IkVOUkxfU1RBVCI7czoxOiJPIjtzOjg6IldBSVRfVE9UIjtzOjE6IjAiO3M6ODoiRU5STF9DQVAiO3M6MjoiNzYiO3M6ODoiRU5STF9UT1QiO3M6MToiMCI7czo5OiJMQVNUX05BTUUiO3M6NToiTW9vcmUiO3M6MTA6IkZJUlNUX05BTUUiO3M6ODoiSm9uYXRoYW4iO3M6MTE6Ik1JRERMRV9OQU1FIjtzOjE6IlciO3M6MTY6IkNPTUJJTkVEX1NFQ1RJT04iO3M6MToiICI7czo1OiJUT1BJQyI7TjtzOjEy!
OiJESVNQTEFZX05BTUUiO3M6MjQ6IkVzdGVzLEouQS48YnI+TW9vcmUsSi5XLiI7fQ==';
$class_result = base64_decode($classdata);
echo "<br/>After calling base64_decode ... <br/>";
echo '<pre>';
print_r($class_result);
echo '</pre>';
$class_result = unserialize($class_result);
echo "<br/>After unserialized ... <br/>";
echo '<pre>';
print_r($class_result);
echo "<br/>Start print class_resul ....<pre>";
print_r($class_result);
echo "</pre><br/>*****<br/>";
?>
This will dump an array course data I generated. The only difference
is the space or +. In 5.0.4 it works with a space. The space is not
there in the URL in 5.2.6, but is after a $_GET on the parameter.
Previous Comments:
------------------------------------------------------------------------
[2008-11-10 21:04:15] phpbugs at samrowe dot com
I'm seeing this behavior on RHEL5's PHP-5.1.6-20.el5_2.1 when trying to
use JSON data-structures containing strings that contain '+'.
------------------------------------------------------------------------
[2008-11-03 01:00:02] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
------------------------------------------------------------------------
[2008-10-26 23:12:42] [email protected]
Please try using this CVS snapshot:
http://snaps.php.net/php5.2-latest.tar.gz
For Windows:
http://windows.php.net/snapshots/
------------------------------------------------------------------------
[2008-06-02 14:19:06] frode dot langvik at exense dot com
Description:
------------
When sending parameters in an url, the way of handling plus signs have
changed. In PHP 4.3.9 everything worked fine, but after upgrading to
version 5.2.6 it fails. In the test case will function base64_encode()
generate a plus sign in both php version 4.3.9 and 5.2.5, but in version
5.2.5 it seems that the url is broken and base64_decode() got wrong
value to work with. The test case includes some norwegian characters,
but I have also discovered it when using other characters.
Reproduce code:
---------------
<?php
if ($_GET['args'])
{
echo 'Result: '.unserialize(base64_decode($_GET['args']));
}
echo '<br><a
href="encode.php?args='.base64_encode(serialize('æøå')).'">Test
link</a>';
?>
Expected result:
----------------
Result: æøå
Actual result:
--------------
Result:
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=45149&edit=1
