|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2006-02-03 01:17 UTC] jim at adicio dot com
Description: ------------ This potential bug is very similar to bug report #36106 We recently upgraded php from 4.3.11 to 5.1.2 and discovered that the base64_decode results are different for complex strings sent as url paremeters For example ?complexString=<someComplexStringHere> However, this bug can only be reproduced when the data is sent as a query string parameter or posted, but not reproducible when the complex string is hard coded. More details are in the comments of the sample code. Reproduce code: --------------- <?php /** Paste the following string as: http://localhost/bugTest.php?complexString=<complexString> http://localhost/bugTest.php?complexString=Kq00JbxAQAV9P6aBvE3JoIpHkfkMqp6qeDATf4yC5ZFd9xJPfSLoPSGvGKxRyS/z9dYNLA1PS8cXB2MLPWe4KW5mphBtpPrafZnn06nplxNOqDwa3ebjC43CF3jMZ0n3AUW/rU/Tdtb8OS1s1OkfEc9onsT7Cvo4QTijmRDMi6KirQahsbkNdYPQ0NnPuAbMEtu/64loalKlRd/9Z+7+KkrNzxJMTiXVHMT084DOp45nX4B8jQRO1bUqkDCAMntGCyS16F3mDukY4hrTF7T40ZYHA/FVSVh5vqiWAiVwa+D3Z7Lvm4aIQnwg0CKFf9ZNFgn40L3Itb9HqGTmay5IAr1+9CxTzLYzf5PCdc0h5Z6HS4jk1FgSpWC9JFaLLrBjYa3x8lZt91Lmf5q6ygHdbdN4dwNw8CFvJRVXLMrMNOmJRx/PrpUjl6sxdrJLogDZ8w1i3+FSsd6Au9KlicYCw7fDxWE4EWWE6PlBjak9zpFFRW4U+Q6NF8m65Esx0T0s8x62yoJwimwHAn3RlEkjBDkJDk0NXmYsdg6QZl/0O08NNWQuk2mxBUY4f9PJcP6/M1pmpXBk9jmH/FA02Dk5LQ== */ $data =$_REQUEST['complexString']; echo 'md5 of $_REQUEST: ' . md5($data); // 0eb27567360d44463acf0828ae5b9c7b same on php 4.3.11 as php 5.1.2 echo "<br/>\n"; $b64 = base64_decode($data); if ($b64){ echo 'md5 after base64_decode: ' . md5($b64); // this is different: php 5.1.2=d506a6d5fa0e18eb471eda4d636ec282 php4.3.11=9e903ee99934d554828979fe2221dd3e } $complexStringHardCoded="Kq00JbxAQAV9P6aBvE3JoIpHkfkMqp6qeDATf4yC5ZFd9xJPfSLoPSGvGKxRyS/z9dYNLA1PS8cXB2MLPWe4KW5mphBtpPrafZnn06nplxNOqDwa3ebjC43CF3jMZ0n3AUW/rU/Tdtb8OS1s1OkfEc9onsT7Cvo4QTijmRDMi6KirQahsbkNdYPQ0NnPuAbMEtu/64loalKlRd/9Z+7+KkrNzxJMTiXVHMT084DOp45nX4B8jQRO1bUqkDCAMntGCyS16F3mDukY4hrTF7T40ZYHA/FVSVh5vqiWAiVwa+D3Z7Lvm4aIQnwg0CKFf9ZNFgn40L3Itb9HqGTmay5IAr1+9CxTzLYzf5PCdc0h5Z6HS4jk1FgSpWC9JFaLLrBjYa3x8lZt91Lmf5q6ygHdbdN4dwNw8CFvJRVXLMrMNOmJRx/PrpUjl6sxdrJLogDZ8w1i3+FSsd6Au9KlicYCw7fDxWE4EWWE6PlBjak9zpFFRW4U+Q6NF8m65Esx0T0s8x62yoJwimwHAn3RlEkjBDkJDk0NXmYsdg6QZl/0O08NNWQuk2mxBUY4f9PJcP6/M1pmpXBk9jmH/FA02Dk5LQ=="; echo "<br/>\n"; echo 'md5 of hard-coded complex string after base64_decode: ' . md5(base64_decode($complexStringHardCoded)); //same md5 on php 4.3.11 as 5.1.2 ?> Expected result: ---------------- Same md5 checksums of base64_decoded string on php 4.3.11 as 5.1.2 Actual result: -------------- Different md5 checksums of base64_decoded string on php 4.3.11 than 5.1.2 I'm inclined to believe the potential bug is in 5.1.2 because this sample string represents encrypted data which was successfully base64_decoded and decrypted in 4.3.11 but was garbage in 5.1.2 Thanks! PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Apr 20 05:01:27 2024 UTC |
I also wanted to mention that calling preg_replace("/\s/", "+", $_REQUEST['complexString']) before base64_decode() will emulate the correct expected behavior.