ID: 36269
User updated by: jim at adicio dot com
Reported By: jim at adicio dot com
Status: Open
Bug Type: URL related
Operating System: *
PHP Version: 5.1.2
New Comment:
I also wanted to mention that calling preg_replace("/\s/",
"+", $_REQUEST['complexString']) before base64_decode() will
emulate the correct expected behavior.
Previous Comments:
------------------------------------------------------------------------
[2006-02-03 01:17:30] jim at adicio dot com
Description:
------------
This potential bug is very similar to bug report #36106
We recently upgraded php from 4.3.11 to 5.1.2 and discovered
that the base64_decode results are different for complex
strings sent as url paremeters
For example ?complexString=<someComplexStringHere>
However, this bug can only be reproduced when the data is sent
as a query string parameter or posted, but not reproducible
when the complex string is hard coded. More details are in the
comments of the sample code.
Reproduce code:
---------------
<?php
/**
Paste the following string as:
http://localhost/bugTest.php?complexString=<complexString>
http://localhost/bugTest.php?complexString=Kq00JbxAQAV9P6aBvE3JoIpHkfkMqp6qeDATf4yC5ZFd9xJPfSLoPSGvGKxRyS/z9dYNLA1PS8cXB2MLPWe4KW5mphBtpPrafZnn06nplxNOqDwa3ebjC43CF3jMZ0n3AUW/rU/Tdtb8OS1s1OkfEc9onsT7Cvo4QTijmRDMi6KirQahsbkNdYPQ0NnPuAbMEtu/64loalKlRd/9Z+7+KkrNzxJMTiXVHMT084DOp45nX4B8jQRO1bUqkDCAMntGCyS16F3mDukY4hrTF7T40ZYHA/FVSVh5vqiWAiVwa+D3Z7Lvm4aIQnwg0CKFf9ZNFgn40L3Itb9HqGTmay5IAr1+9CxTzLYzf5PCdc0h5Z6HS4jk1FgSpWC9JFaLLrBjYa3x8lZt91Lmf5q6ygHdbdN4dwNw8CFvJRVXLMrMNOmJRx/PrpUjl6sxdrJLogDZ8w1i3+FSsd6Au9KlicYCw7fDxWE4EWWE6PlBjak9zpFFRW4U+Q6NF8m65Esx0T0s8x62yoJwimwHAn3RlEkjBDkJDk0NXmYsdg6QZl/0O08NNWQuk2mxBUY4f9PJcP6/M1pmpXBk9jmH/FA02Dk5LQ==
*/
$data =$_REQUEST['complexString'];
echo 'md5 of $_REQUEST: ' . md5($data); //
0eb27567360d44463acf0828ae5b9c7b same on php 4.3.11 as php 5.1.2
echo "<br/>\n";
$b64 = base64_decode($data);
if ($b64){
echo 'md5 after base64_decode: ' . md5($b64); // this is different:
php 5.1.2=d506a6d5fa0e18eb471eda4d636ec282
php4.3.11=9e903ee99934d554828979fe2221dd3e
}
$complexStringHardCoded="Kq00JbxAQAV9P6aBvE3JoIpHkfkMqp6qeDATf4yC5ZFd9xJPfSLoPSGvGKxRyS/z9dYNLA1PS8cXB2MLPWe4KW5mphBtpPrafZnn06nplxNOqDwa3ebjC43CF3jMZ0n3AUW/rU/Tdtb8OS1s1OkfEc9onsT7Cvo4QTijmRDMi6KirQahsbkNdYPQ0NnPuAbMEtu/64loalKlRd/9Z+7+KkrNzxJMTiXVHMT084DOp45nX4B8jQRO1bUqkDCAMntGCyS16F3mDukY4hrTF7T40ZYHA/FVSVh5vqiWAiVwa+D3Z7Lvm4aIQnwg0CKFf9ZNFgn40L3Itb9HqGTmay5IAr1+9CxTzLYzf5PCdc0h5Z6HS4jk1FgSpWC9JFaLLrBjYa3x8lZt91Lmf5q6ygHdbdN4dwNw8CFvJRVXLMrMNOmJRx/PrpUjl6sxdrJLogDZ8w1i3+FSsd6Au9KlicYCw7fDxWE4EWWE6PlBjak9zpFFRW4U+Q6NF8m65Esx0T0s8x62yoJwimwHAn3RlEkjBDkJDk0NXmYsdg6QZl/0O08NNWQuk2mxBUY4f9PJcP6/M1pmpXBk9jmH/FA02Dk5LQ==";
echo "<br/>\n";
echo 'md5 of hard-coded complex string after base64_decode: ' .
md5(base64_decode($complexStringHardCoded)); //same md5 on php 4.3.11
as 5.1.2
?>
Expected result:
----------------
Same md5 checksums of base64_decoded string on php 4.3.11 as
5.1.2
Actual result:
--------------
Different md5 checksums of base64_decoded string on php 4.3.11
than 5.1.2
I'm inclined to believe the potential bug is in 5.1.2 because
this sample string represents encrypted data which was
successfully base64_decoded and decrypted in 4.3.11 but was
garbage in 5.1.2
Thanks!
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=36269&edit=1
