php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80119 base64_decode accept a malformed input
Submitted: 2020-09-17 22:20 UTC Modified: 2020-09-17 22:29 UTC
From: contact at roukmoute dot fr Assigned: cmb (profile)
Status: Not a bug Package: *URL Functions
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Developer Edit
 [2020-09-17 22:20 UTC] contact at roukmoute dot fr 
Description:
------------
I thought base64_decode would return false when a badly encoded string is provided.

No difference here in strict mode or not.

Test script:
---------------
$decodedData = base64_decode('qcOpw6nDqcOpw6k=');

if ($decodedData === false) {
    echo 'Malformed input';
} elseif (base64_decode('qcOpw6nDqcOpw6k=', true) === false) {
    echo 'Malformed input';
} else {
    echo $decodedData;
}

Expected result:
----------------
Malformed input

Actual result:
--------------
�ééééé

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-09-17 22:29 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Package: *Encryption and hash functions +Package: *URL Functions -Assigned To: +Assigned To: cmb
 [2020-09-17 22:29 UTC] cmb@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

base64_decode() may produce binary data[1] (i.e. a string of bytes,
instead of characters in a particular encoding); see
<https://3v4l.org/T0jTg>.

[1] <https://www.php.net/manual/en/function.base64-decode.php#refsect1-function.base64-decode-returnvalues>
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Oct 24 03:00:02 2025 UTC