ID: 37336
User updated by: cryogen at mac dot com
Reported By: cryogen at mac dot com
-Status: Feedback
+Status: Open
Bug Type: *Encryption and hash functions
Operating System: Mac OS X 10.4.6
PHP Version: 5.1.4
New Comment:
The reproduce code I put in my original post is the
functioning example. It represents 2 short scripts. Each
script start with two lines of comments. Just paste those
into your editor and save each one using the script name found
on the first comment line. It should be fairly easy to test
using the provided script to see the results.
Previous Comments:
------------------------------------------------------------------------
[2006-05-06 09:12:18] [EMAIL PROTECTED]
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.
A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc.
If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.
------------------------------------------------------------------------
[2006-05-06 00:19:47] cryogen at mac dot com
Description:
------------
I have been using base64_encode/decode for the past 2 years to
pass complex SQL statements in href links between scripts
running under php 5.0.4. After upgrading to 5.1.2 I
experienced errors and missing data using the same functions.
I get the same results in php 5.1.4.
It appears that data is being lost or garbled in either the
encode or decode.
This problem does NOT occur on our production server running
5.0.4.
NOTE: Unable to post code to reproduced bug on production
server as we cannot install 5.1.x if there is a problem. I
tried to keep it as short as possible and illustrate the bug.
Reproduce code:
---------------
// base64_bug1.php - Demo bug with base64_encode/decode
//--------------
$query = "SELECT DISTINCT class.class_no, class.status, class.class_id,
class.sess_group, class.short_desc, class.classroom, class.ages,
class.capacity, csc.beg_date, csc.end_date, csc.end_date_infinite_flag,
csc.open_sched_flag, ins.lname, ins.fname, CONCAT(ins.fname,'
',ins.lname) AS ins_full_name, csc.w_mon, csc.w_mon_time,
csc.w_mon_duration, csc.w_tue, csc.w_tue_time, csc.w_tue_duration,
csc.w_wed, csc.w_wed_time, csc.w_wed_duration, csc.w_thu,
csc.w_thu_time, csc.w_thu_duration, csc.w_fri, csc.w_fri_time,
csc.w_fri_duration, csc.w_sat, csc.w_sat_time, csc.w_sat_duration,
csc.w_sun, csc.w_sun_time, csc.w_sun_duration FROM class_sched_cfg AS
csc, class LEFT JOIN class_sched AS cs ON class.class_id = cs.class_id
LEFT JOIN class_instruct AS ci ON (class.class_id = ci.class_id AND
ci.primary_ins_flag = 1) LEFT JOIN instructor AS ins ON ci.ins_id =
ins.ins_id WHERE class.co_id = 55555 AND class.class_id = csc.class_id
AND (((cs.beg_time > '01:00:00' AND cs.beg_time < '23:00:00') OR
(cs.end_time > '01:00:00' AND cs.end_time < '23:00:00')) OR
(cs.beg_time <= '01:00:00' AND cs.end_time >= '23:00:00')) AND
sess_group LIKE 'spring/summer%' AND (class.status = 'A' AND CURDATE()
<= csc.end_date) ORDER by short_desc";
$tmp = base64_encode($query);
echo "<a href='base64_bug2.php?query=".$tmp."'>Pass Data</a>";
?>
// base64_bug2.php - Demo bug with base64_encode/decode
//--------------
echo "<b>We should get our original encoded Value back.<br/>Encoded
Value Prior to base64_decode:</b><br/> ".$_REQUEST['query'];
$query = base64_decode($_REQUEST['query']);
echo "<p><b>Value After base64_decode:</b><br/> ".$query;
echo "<p><a href='encode_bug1.php'>Back to Step 1</a>";
?>
Expected result:
----------------
I should have gotten my original SQL string back after
executing the base64_decode(). I get part of the string back
with the last couple lines garbled with crazy characters.
Actual result:
--------------
I get part of the original string back with the last couple
lines garbled with crazy characters. Here is the actual
output from script base64_bu2.php:
SELECT DISTINCT class.class_no, class.status,
class.class_id, class.sess_group, class.short_desc,
class.classroom, class.ages, class.capacity, csc.beg_date,
csc.end_date, csc.end_date_infinite_flag,
csc.open_sched_flag, ins.lname, ins.fname, CONCAT
(ins.fname,' ',ins.lname) AS ins_full_name, csc.w_mon,
csc.w_mon_time, csc.w_mon_duration, csc.w_tue,
csc.w_tue_time, csc.w_tue_duration, csc.w_wed,
csc.w_wed_time, csc.w_wed_duration, csc.w_thu,
csc.w_thu_time, csc.w_thu_duration, csc.w_fri,
csc.w_fri_time, csc.w_fri_duration, csc.w_sat,
csc.w_sat_time, csc.w_sat_duration, csc.w_sun,
csc.w_sun_time, csc.w_sun_duration FROM class_sched_cfg AS
csc, class LEFT JOIN class_sched AS cs ON class.class_id =
cs.class_id LEFT JOIN class_instruct AS ci ON
(class.class_id = ci.class_id AND ci.primary_ins_flag = 1)
LEFT JOIN instructor AS ins ON ci.ins_id = ins.ins_id WHERE
class.co_id = 55555 AND class.class_id = csc.class_id AND
(((cs.beg_time � Ì�N��� È�S��ÜËY×Ý�[YH�� ÌÎ���
ÊH�Ô
�ÜË[�Ý�[
YH� Ì�N��� È�S��ÜË[�Ý�[YH�� ÌÎ��� ÊJH�Ô
�ÜËY×Ý�[YH��H
Ì�N��� È�S��ÜË[�Ý�[YH�?H ÌÎ���
ÊJH�S��Ù\Ü×ÙÜÝ\���RÑH
ÜÜ�[ËÜÝ[[Y\IÈ�S� �Û�\ÜËÝ�]�\È�H ÐIÈ�S��ÕT�U�J H��H�ÜØË[�Ù�]�
JH�Ô�T�H�Ú�Ü?�Ù�\Ø
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=37336&edit=1
