archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Require strict base64 in data URI

Browse source 
As the tests already show, the data URI wrapper is supposed to fail
for corrupt input, but for some reason, one case of invalid input is
still allowed to pass?! Strict base64 makes a lot more sense here.
Also, Chromium and Firefox fail on invalid base64, so it's a logical
choice for PHP as well.
This commit is contained in:
Lauri Kenttä 2016-07-11 12:40:03 +03:00 committed by Nikita Popov
parent f775199ac7
commit 7a02704c0e
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ext/standard/tests/file/stream_rfc2397_006.phpt
View file

@ -26,7 +26,9 @@ NULL
Warning: file_get_contents() expects parameter 1 to be a valid path, string given in %s line %d
NULL
string(13) "foobar foobar"
Warning: file_get_contents(data:;base64,#Zm9vYmFyIGZvb2Jhcg==): failed to open stream: rfc2397: unable to decode in %sstream_rfc2397_006.php on line %d
bool(false)
Warning: file_get_contents(data:;base64,#Zm9vYmFyIGZvb2Jhc=): failed to open stream: rfc2397: unable to decode in %sstream_rfc2397_006.php on line %d
bool(false)

2
main/streams/memory.c
View file

@ -720,7 +720,7 @@ static php_stream * php_stream_url_wrap_rfc2397(php_stream_wrapper *wrapper, con
dlen--;
if (base64) {
base64_comma = php_base64_decode((const unsigned char *)comma, dlen);
base64_comma = php_base64_decode_ex((const unsigned char *)comma, dlen, 1);
if (!base64_comma) {
zval_ptr_dtor(&meta);
php_stream_wrapper_log_error(wrapper, options, "rfc2397: unable to decode");