php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #1897 quoted_printable_decode doesn't work properly.
Submitted: 1999-07-27 17:50 UTC Modified: 2001-02-10 15:46 UTC
From: bfranklin at dct dot com Assigned:
Status: Closed Package: Misbehaving function
PHP Version: 3.0.11 OS: Solaris 2.7
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bfranklin at dct dot com
New email:
PHP Version: OS:

 

 [1999-07-27 17:50 UTC] bfranklin at dct dot com 
quoted_printable_decode doesn't properly handle soft line breaks or encoded data that has been padded with whitespace at the end of a line.

Here is a patch to fix this problem:
--- php-3.0.11/functions/quot_print.c.orig      Wed Jun 16 06:34:22 1999
+++ php-3.0.11/functions/quot_print.c   Tue Jul 27 16:47:45 1999
@@ -94,11 +94,18 @@
                           + _php3_hex2int((int)str[i+2]);
                i += 3;
        }
-       else if ( str[i] == 13 )
+       else if ( str[i] == '=' && str[i+1] == 13 )
        {
-               i++;
+              i+=2;
        }
-       else
+      else if ( str[i] == 13 && (str[i-1] == 9 || str[i-1] == 32) )
+      {
+              while ( str[j] == 9 || str[j] == 32 )
+                      j--;
+              j++;
+              str[j++] = str[i++];
+      }
+      else
        {
                str[j++] = str[i++];
        }

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [1999-07-28 20:25 UTC] bfranklin at dct dot com 
quoted_printable_decode doesn't properly handle soft line breaks or encoded data that has been padded with whitespace at the end of a line.

The first patch I gave has some major flaws in it.  Here is a much improved one:
 --- functions/quot_print.c.orig Wed Jun 16 06:34:22 1999
+++ functions/quot_print.c      Wed Jul 28 19:15:29 1999
@@ -94,11 +94,23 @@
                           + _php3_hex2int((int)str[i+2]);
                i += 3;
        }
-       else if ( str[i] == 13 )
-       {
-               i++;
-       }
-       else
+      else if ( str[i] == '=' )
+      {
+        if( str[i+1] == 10 || str[i+1] == 13 )
+          i+=2;
+        else if( str[i+1] == 13 && str[i+2] == 10 )
+          i+=3;
+        else
+          str[j++] = str[i++]; /* prevent infinite loop on invalid input */
+      }
+      else if ( (str[i] == 9 || str[i] == 32) && str[i+1] == 13 )
+      {
+              while ( (str[j] == 9 || str[j] == 32) && j>0 )
+                      j--;
+              j++;  i++;
+              str[j++] = str[i++];
+      }
+      else
        {
                str[j++] = str[i++];
        }
 [1999-07-29 10:31 UTC] bfranklin at dct dot com 
quoted_printable_decode doesn't properly handle soft line breaks or encoded data that has been padded with whitespace at the end of a line.

The first patch I gave has some major flaws in it.  Here is a much improved one:
 --- functions/quot_print.c.orig Wed Jun 16 06:34:22 1999
+++ functions/quot_print.c      Wed Jul 28 19:15:29 1999
@@ -94,11 +94,23 @@
                           + _php3_hex2int((int)str[i+2]);
                i += 3;
        }
-       else if ( str[i] == 13 )
-       {
-               i++;
-       }
-       else
+      else if ( str[i] == '=' )
+      {
+        if( str[i+1] == 10 || str[i+1] == 13 )
+          i+=2;
+        else if( str[i+1] == 13 && str[i+2] == 10 )
+          i+=3;
+        else
+          str[j++] = str[i++]; /* prevent infinite loop on invalid input */
+      }
+      else if ( (str[i] == 9 || str[i] == 32) && str[i+1] == 13 )
+      {
+              while ( (str[j] == 9 || str[j] == 32) && j>0 )
+                      j--;
+              j++;  i++;
+              str[j++] = str[i++];
+      }
+      else
        {
                str[j++] = str[i++];
        }
 [1999-11-11 19:29 UTC] joey at cvs dot php dot net 
Can you provide a test case? Can you verify whether bug is still in 3.0.12?
Setting as "Analyzed" until more info is available.
 [2001-02-10 15:46 UTC] jimw@php.net 
no feedback, closing.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Jul 01 19:01:37 2025 UTC