From: cryogen at mac dot com
Operating system: Mac OS X 10.4.6
PHP version: 5.1.4
PHP Bug Type: *Encryption and hash functions
Bug description: base64_encode/decode bug

Description:
------------
I have been using base64_encode/decode for the past 2 years to pass complex SQL statements in href links between scripts running under php 5.0.4. After upgrading to 5.1.2 I experienced errors and missing data using the same functions. I get the same results in php 5.1.4. It appears that data is being lost or garbled in either the encode or decode. This problem does NOT occur on our production server running 5.0.4.

NOTE: Unable to post code to reproduce the bug on production server as we cannot install 5.1.x if there is a problem. I tried to keep it as short as possible and illustrate the bug.

Reproduce code:
---------------
<?php
// base64_bug1.php - Demo bug with base64_encode/decode
//--------------
$query = "SELECT DISTINCT class.class_no, class.status, class.class_id, class.sess_group, class.short_desc, class.classroom, class.ages, class.capacity, csc.beg_date, csc.end_date, csc.end_date_infinite_flag, csc.open_sched_flag, ins.lname, ins.fname, CONCAT(ins.fname,' ',ins.lname) AS ins_full_name, csc.w_mon, csc.w_mon_time, csc.w_mon_duration, csc.w_tue, csc.w_tue_time, csc.w_tue_duration, csc.w_wed, csc.w_wed_time, csc.w_wed_duration, csc.w_thu, csc.w_thu_time, csc.w_thu_duration, csc.w_fri, csc.w_fri_time, csc.w_fri_duration, csc.w_sat, csc.w_sat_time, csc.w_sat_duration, csc.w_sun, csc.w_sun_time, csc.w_sun_duration FROM class_sched_cfg AS csc, class LEFT JOIN class_sched AS cs ON class.class_id = cs.class_id LEFT JOIN class_instruct AS ci ON (class.class_id = ci.class_id AND ci.primary_ins_flag = 1) LEFT JOIN instructor AS ins ON ci.ins_id = ins.ins_id WHERE class.co_id = 55555 AND class.class_id = csc.class_id AND (((cs.beg_time > '01:00:00' AND cs.beg_time < '23:00:00') OR (cs.end_time > '01:00:00' AND cs.end_time < '23:00:00')) OR (cs.beg_time <= '01:00:00' AND cs.end_time >= '23:00:00')) AND sess_group LIKE 'spring/summer%' AND (class.status = 'A' AND CURDATE() <= csc.end_date) ORDER by short_desc";
// The Base64 text is placed into the link as-is
$tmp = base64_encode($query);
echo "<a href='base64_bug2.php?query=".$tmp."'>Pass Data</a>";
?>

<?php
// base64_bug2.php - Demo bug with base64_encode/decode
//--------------
echo "<b>We should get our original encoded Value back.<br/>Encoded Value Prior to base64_decode:</b><br/> ".$_REQUEST['query'];
// Decode the value exactly as it arrived in the request
$query = base64_decode($_REQUEST['query']);
echo "<p><b>Value After base64_decode:</b><br/> ".$query;
echo "<p><a href='base64_bug1.php'>Back to Step 1</a>";
?>

Expected result:
----------------
I should have gotten my original SQL string back after executing the base64_decode(). I get part of the string back with the last couple lines garbled with crazy characters.

Actual result:
--------------
I get part of the original string back with the last couple lines garbled with crazy characters. Here is the actual output from script base64_bug2.php:

SELECT DISTINCT class.class_no, class.status, class.class_id, class.sess_group, class.short_desc, class.classroom, class.ages, class.capacity, csc.beg_date, csc.end_date, csc.end_date_infinite_flag, csc.open_sched_flag, ins.lname, ins.fname, CONCAT (ins.fname,' ',ins.lname) AS ins_full_name, csc.w_mon, csc.w_mon_time, csc.w_mon_duration, csc.w_tue, csc.w_tue_time, csc.w_tue_duration, csc.w_wed, csc.w_wed_time, csc.w_wed_duration, csc.w_thu, csc.w_thu_time, csc.w_thu_duration, csc.w_fri, csc.w_fri_time, csc.w_fri_duration, csc.w_sat, csc.w_sat_time, csc.w_sat_duration, csc.w_sun, csc.w_sun_time, csc.w_sun_duration FROM class_sched_cfg AS csc, class LEFT JOIN class_sched AS cs ON class.class_id = cs.class_id LEFT JOIN class_instruct AS ci ON (class.class_id = ci.class_id AND ci.primary_ins_flag = 1) LEFT JOIN instructor AS ins ON ci.ins_id = ins.ins_id WHERE class.co_id = 55555 AND class.class_id = csc.class_id AND (((cs.beg_time ÌN ÈSÜËY×Ý[YH ÌÎ ÊHÔ ÜË[Ý[ YH ÌN ÈSÜË[Ý[YH ÌÎ ÊJHÔ ÜËY×Ý[YHH ÌN ÈSÜË[Ý[YH?H ÌÎ ÊJHSÙ\Ü×ÙÜÝ\RÑH ÜÜ[ËÜÝ[[Y\IÈS Û\ÜËÝ]\ÈH ÐIÈSÕTUJ HHÜØË[Ù] JHÔTHÚÜ?Ù\Ø

--
Edit bug report at http://bugs.php.net/?id=37336&edit=1
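
One mechanism that produces output like the above, shown as an added example (not the reporter's code and not a diagnosis from the PHP project): standard Base64 can contain '+', which query-string parsing turns into a space, and a decoder that skips the space is misaligned from that point on. The sample text, the received() helper and the b64url_* helpers are constructed for illustration and assume a current PHP version.

```php
<?php
// Added example. Sample text and helper names are constructed, not from the report.

// URL-safe Base64 (RFC 4648, section 5): '+' -> '-', '/' -> '_', no padding.
function b64url_encode(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Returns null on any character outside the URL-safe alphabet instead of skipping it.
function b64url_decode(string $token): ?string {
    if (!preg_match('/^[A-Za-z0-9_-]*$/', $token)) {
        return null;
    }
    $b64 = strtr($token, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4); // restore padding
    $raw = base64_decode($b64, true);
    return $raw === false ? null : $raw;
}

// The 'query' parameter as a receiving script would see it after query-string parsing.
function received(string $queryString): string {
    parse_str($queryString, $params);
    return $params['query'] ?? '';
}

// Constructed sample: a '>' at byte offset 2 (mod 3) encodes to '+'.
$data = "x > '01:00:00' AND y < '23:00:00'";

// 1. As in the report: standard Base64 placed raw into the href.
$plain = base64_encode($data);
$got   = received('query=' . $plain);
var_dump(strpos($plain, '+') !== false);  // does the encoded text contain '+'?
var_dump($got === $plain);                // did the token arrive unchanged?
var_dump(base64_decode($got) === $data);  // does the decode round-trip?

// 2. Percent-encode the value when building the link.
$got = received('query=' . urlencode($plain));
var_dump(base64_decode($got, true) === $data);

// 3. URL-safe alphabet: nothing in the token needs escaping.
$got = received('query=' . b64url_encode($data));
var_dump(b64url_decode($got) === $data);
```

Both fixes repair only the transport. Base64 is an encoding, so a value carried in a link stays readable and modifiable by whoever holds the URL and needs the same validation as any other request parameter.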