Edit report at https://bugs.php.net/bug.php?id=64162&edit=1
ID: 64162 Updated by: ras...@php.net Reported by: rob at neovidamedia dot com Summary: Extra characters added to base64_decode() output -Status: Open +Status: Not a bug Type: Bug Package: *Encryption and hash functions Operating System: Windows 7 PHP Version: Irrelevant Block user comment: N Private report: N New Comment: You can't arbitrarily add random characters to the base64-encoded string and expect to get sensible output. You are adding 1 char before and 3 after to your encoded string, but then you do base64_decode(substr($pass, 1, (strlen($pass) - 2))) meaning you only remove 2 of those appended chars before you decode. Make that strlen()-3 and your problems go away. The fact that it differs across versions is irrelevant since you are not passing in a valid base64 encoded string. Previous Comments: ------------------------------------------------------------------------ [2013-02-06 16:00:19] bobwei9 at hotmail dot com But whatever; there is also an error in your script: $final = base64_decode(substr($pass, 1, (strlen($pass) - 4))); would be right. ____ However, somewhere between 5.3.15 and trunk, base64_decode()-handling of invalid characters (after the last =) has changed... ------------------------------------------------------------------------ [2013-02-06 15:52:17] bobwei9 at hotmail dot com Effectively. On PHP 5.3 there is a byte with \x02 and on trunk \x07... Alone this difference must be a bug... ------------------------------------------------------------------------ [2013-02-06 11:10:30] rob at neovidamedia dot com Description: ------------ --- >From manual page: http://www.php.net/function.base64-decode --- Run this code, and notice the output for 'Decoded' -- it looks the same as 'Original', but it is not. Select it (the result), copy it, and paste it into notepad or something, and you will see a bonus character at the end. It seems to be related to the string length of $a, and the fact that it contains a number at its end, but I could be wrong. I ran about one hundred different scenario tests, and got some funky results. PS - I am running PHP 5.2.17, but that is what my host offers. Don't think I can upgrade on my own ... Test script: --------------- $a = "Proteussing88"; function randLetter() { $int = rand(0,61); $a_z = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"; $rand_letter = $a_z[$int]; return $rand_letter; } $pass = randLetter() . base64_encode($a) . randLetter() . randLetter() . randLetter(); $db_pass = base64_decode(substr($pass, 1, (strlen($pass) - 2))); $final = substr($db_pass, 0, (strlen($db_pass) - 1)); echo 'Original: ' . $a . '<br />Encoded: ' . $pass . '<br />Decoded: ' . $final; Expected result: ---------------- The visual result is fine, but in the background a special character is being added to the final string variable. Actual result: -------------- The final string variable looks right, but only in a browser. Paste it into notepad or any other text editor, and you get an unexpected special character at its end. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=64162&edit=1
