Bug #1897 quoted_printable_decode doesn't work properly.
Submitted: 1999-07-27 17:50 UTC Modified: 2001-02-10 15:46 UTC
From: bfranklin at dct dot com Assigned:
Status: Closed Package: Misbehaving function
PHP Version: 3.0.11 OS: Solaris 2.7
Private report: No CVE-ID: None
 [1999-07-27 17:50 UTC] bfranklin at dct dot com
quoted_printable_decode doesn't properly handle soft line breaks or encoded data that has been padded with whitespace at the end of a line.

Here is a patch to fix this problem:
--- php-3.0.11/functions/quot_print.c.orig      Wed Jun 16 06:34:22 1999
+++ php-3.0.11/functions/quot_print.c   Tue Jul 27 16:47:45 1999
@@ -94,11 +94,18 @@
                           + _php3_hex2int((int)str[i+2]);
                i += 3;
        }
-       else if ( str[i] == 13 )
+       else if ( str[i] == '=' && str[i+1] == 13 )
        {
-               i++;
+              i+=2;
        }
-       else
+      else if ( str[i] == 13 && (str[i-1] == 9 || str[i-1] == 32) )
+      {
+              while ( str[j] == 9 || str[j] == 32 )
+                      j--;
+              j++;
+              str[j++] = str[i++];
+      }
+      else
        {
                str[j++] = str[i++];
        }

 [1999-07-28 20:25 UTC] bfranklin at dct dot com
quoted_printable_decode doesn't properly handle soft line breaks or encoded data that has been padded with whitespace at the end of a line.

The first patch I gave has some major flaws in it.  Here is a much improved one:
 --- functions/quot_print.c.orig Wed Jun 16 06:34:22 1999
+++ functions/quot_print.c      Wed Jul 28 19:15:29 1999
@@ -94,11 +94,23 @@
                           + _php3_hex2int((int)str[i+2]);
                i += 3;
        }
-       else if ( str[i] == 13 )
-       {
-               i++;
-       }
-       else
+      else if ( str[i] == '=' )
+      {
+        if( str[i+1] == 10 || str[i+1] == 13 )
+          i+=2;
+        else if( str[i+1] == 13 && str[i+2] == 10 )
+          i+=3;
+        else
+          str[j++] = str[i++]; /* prevent infinite loop on invalid input */
+      }
+      else if ( (str[i] == 9 || str[i] == 32) && str[i+1] == 13 )
+      {
+              while ( (str[j] == 9 || str[j] == 32) && j>0 )
+                      j--;
+              j++;  i++;
+              str[j++] = str[i++];
+      }
+      else
        {
                str[j++] = str[i++];
        }

 [1999-11-11 19:29 UTC] joey at cvs dot php dot net
Can you provide a test case? Can you verify whether bug is still in 3.0.12?
Setting as "Analyzed" until more info is available.
 [2001-02-10 15:46 UTC] jimw@php.net
no feedback, closing.
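
An added example, not code from this report or from PHP: a stand-alone in-place decoder covering the two cases the report names, soft line breaks and whitespace padding at the end of a line, with every read bounded by the string length. The names `qp_decode`, `qp_hexval` and `qp_is_pad` are hypothetical, and the behaviour assumed is the decoding rule set of RFC 2045 section 6.7.

```c
#include <stddef.h>
#include <string.h>

/* Value of a hex digit, or -1 if c is not one (hypothetical helper). */
static int qp_hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}
static int qp_is_pad(char c) { return c == ' ' || c == '\t'; }

/* Decode NUL-terminated quoted-printable text in place; returns the decoded
 * length. The write index j never passes the read index i, and every read
 * is bounded by len, so no byte outside the string is touched. */
size_t qp_decode(char *str)
{
    size_t i = 0, j = 0, k, len = strlen(str);
    while (i < len) {
        if (str[i] == '=') {
            /* Look past padding after '=' to recognise a soft line break. */
            k = i + 1;
            while (k < len && qp_is_pad(str[k])) k++;
            if (k + 1 < len && str[k] == '\r' && str[k + 1] == '\n') {
                i = k + 2;                   /* "=CRLF", tested first */
            } else if (k < len && (str[k] == '\r' || str[k] == '\n')) {
                i = k + 1;                   /* "=CR" or "=LF" */
            } else if (i + 2 < len && qp_hexval((unsigned char)str[i + 1]) >= 0
                       && qp_hexval((unsigned char)str[i + 2]) >= 0) {
                str[j++] = (char)(qp_hexval((unsigned char)str[i + 1]) * 16
                                  + qp_hexval((unsigned char)str[i + 2]));
                i += 3;
            } else {
                str[j++] = str[i++];         /* invalid '=': keep it literally */
            }
        } else if (qp_is_pad(str[i])) {
            /* Measure the literal whitespace run in the input; drop it only
             * when a line end follows. Decoded "=20" bytes are never removed. */
            k = i;
            while (k < len && qp_is_pad(str[k])) k++;
            if (k == len || str[k] == '\r' || str[k] == '\n') i = k;
            else while (i < k) str[j++] = str[i++];
        } else {
            str[j++] = str[i++];
        }
    }
    str[j] = '\0';
    return j;
}
```

Scanning forward over the input instead of walking back over the output keeps a decoded `=20` at the end of a line, which is data rather than padding.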
 
Last updated: Fri Apr 26 07:01:32 2024 UTC