|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25117 MD5 checksum should be checked case-insensitive
Submitted: 2003-08-17 09:48 UTC Modified: 2003-08-17 13:01 UTC
From: christian at wenz dot org Assigned: cellog (profile)
Status: Closed Package: PEAR related
PHP Version: 4.3.3RC3 OS: any
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: christian at wenz dot org
New email:
PHP Version: OS:


 [2003-08-17 09:48 UTC] christian at wenz dot org
the MD5 checksum in package.xml for a file only works with the PEAR installer when provided in lowercase. If capital letters (A-F) are used, a "bad checksum" warning is returned.

Reason: md5_file() seems to return MD5 checksums in lowercase, however some MD5 calculation tools (e.g. the command line tool at return checksums in upper case.
The "error" (if you can call it that way) is in line 276 of PEAR\Installer.php:

if ($md5sum == $atts['md5sum']) {

The following would eliminate the problem:

if ($md5sum == strtolower($atts['md5sum'])) {


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-08-17 13:01 UTC]
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at
In case this was a documentation problem, the fix will show up soon at

In case this was a website problem, the change will show
up on the site and on the mirror sites in short time.
Thank you for the report, and for helping us make PHP better.

thanks for the catch
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Nov 28 09:03:14 2021 UTC