|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #36269 Output of base64_decode differes between 4.3.11 and 5.1.2
Submitted: 2006-02-03 01:17 UTC Modified: 2006-02-03 06:42 UTC
From: jim at adicio dot com Assigned:
Status: Not a bug Package: URL related
PHP Version: 5.1.2 OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: jim at adicio dot com
New email:
PHP Version: OS:


 [2006-02-03 01:17 UTC] jim at adicio dot com
This potential bug is very similar to bug report #36106

We recently upgraded php from 4.3.11 to 5.1.2 and discovered 
that the base64_decode results are different for complex 
strings sent as url paremeters 

For example ?complexString=<someComplexStringHere>

However, this bug can only be reproduced when the data is sent 
as a query string parameter or posted, but not reproducible 
when the complex string is hard coded. More details are in the 
comments of the sample code.

Reproduce code:
 Paste the following string as: http://localhost/bugTest.php?complexString=<complexString>

$data =$_REQUEST['complexString'];
echo 'md5 of $_REQUEST: ' . md5($data); // 0eb27567360d44463acf0828ae5b9c7b   same on php 4.3.11 as php 5.1.2
echo "<br/>\n";
$b64 =  base64_decode($data);
if ($b64){
  echo 'md5 after base64_decode: ' .  md5($b64); // this is different: php 5.1.2=d506a6d5fa0e18eb471eda4d636ec282  php4.3.11=9e903ee99934d554828979fe2221dd3e

echo "<br/>\n";
echo 'md5 of hard-coded complex string after base64_decode: ' . md5(base64_decode($complexStringHardCoded)); //same md5 on php 4.3.11 as 5.1.2

Expected result:
Same md5 checksums of base64_decoded string on php 4.3.11 as 

Actual result:
Different md5 checksums of base64_decoded string on php 4.3.11 
than 5.1.2

I'm inclined to believe the potential bug is in 5.1.2 because 
this sample string represents encrypted data which was 
successfully base64_decoded and decrypted in 4.3.11 but was 
garbage in 5.1.2



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2006-02-03 02:04 UTC] jim at adicio dot com
I also wanted to mention that calling preg_replace("/\s/", 
"+", $_REQUEST['complexString']) before base64_decode() will 
emulate the correct expected behavior.
 [2006-02-03 06:42 UTC]
See bug #34214.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue May 28 11:01:32 2024 UTC