From: naish at klanen dot net Operating system: Suse Linux 9.0 (2.4.21) PHP version: 4.3.4 PHP Bug Type: URL related Bug description: base64_decode fails to follow RFC 3548 completely
Description: ------------ If a base64 encoded string contains a non-needed "=" at the end of the string base64_decode returns false even though the string has been correctly decoded. The standard for base64 even specifies that a file may contain non-needed padding chars. http://www.faqs.org/rfcs/rfc3548.html - snip - Furthermore, such specifications may consider the pad character, "=", as not part of the base alphabet until the end of the string. If more than the allowed number of pad characters are found at the end of the string, e.g., a base 64 string terminated with "===", the excess pad characters could be ignored. - /snip - The fix is simple. In ext/standard/base64.c insert the following code: if (ch == base64_pad) { switch(i % 4) { case 1: efree(result); return NULL; case 2: k++; case 3: result[k++] = 0; } } in the base64_decode function. Notice that the only thing I did was remove "case 0:" on line 191. Reproduce code: --------------- <?php $string=base64_encode("123456"); echo $string."\n"; //Insert a not-needed padding char. $string.="="; //This returns false even though $string is valid base64 var_dump(base64_decode($string)); ?> Expected result: ---------------- $string should been encoded to base64 and later decoded with 1 extra "=" added at the end. Actual result: -------------- PHP fails to decode the string properly. -- Edit bug report at http://bugs.php.net/?id=27460&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=27460&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=27460&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=27460&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=27460&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=27460&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=27460&r=needscript Try newer version: http://bugs.php.net/fix.php?id=27460&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=27460&r=support Expected behavior: http://bugs.php.net/fix.php?id=27460&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=27460&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=27460&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=27460&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=27460&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=27460&r=dst IIS Stability: http://bugs.php.net/fix.php?id=27460&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=27460&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=27460&r=float
