|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80119 base64_decode accept a malformed input
Submitted: 2020-09-17 22:20 UTC Modified: 2020-09-17 22:29 UTC
From: contact at roukmoute dot fr Assigned: cmb (profile)
Status: Not a bug Package: *URL Functions
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2020-09-17 22:20 UTC] contact at roukmoute dot fr
I thought base64_decode would return false when a badly encoded string is provided.

No difference here in strict mode or not.

Test script:
$decodedData = base64_decode('qcOpw6nDqcOpw6k=');

if ($decodedData === false) {
    echo 'Malformed input';
} elseif (base64_decode('qcOpw6nDqcOpw6k=', true) === false) {
    echo 'Malformed input';
} else {
    echo $decodedData;

Expected result:
Malformed input

Actual result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-09-17 22:29 UTC]
-Status: Open +Status: Not a bug -Package: *Encryption and hash functions +Package: *URL Functions -Assigned To: +Assigned To: cmb
 [2020-09-17 22:29 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

base64_decode() may produce binary data[1] (i.e. a string of bytes,
instead of characters in a particular encoding); see

[1] <>
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Feb 25 16:01:27 2024 UTC