diff options
author | Lauri Kenttä <lauri.kentta@gmail.com> | 2016-07-11 12:40:03 +0300 |
---|---|---|
committer | Nikita Popov <nikic@php.net> | 2016-07-22 18:03:55 +0200 |
commit | 7a02704c0ecdf4373c810760e70a424841619e0c (patch) | |
tree | c9076eab42da2e8137b872663b1a1c37cdc66576 /main | |
parent | f775199ac70abef4bf7fa29c805d73df09131e21 (diff) | |
download | php-git-7a02704c0ecdf4373c810760e70a424841619e0c.tar.gz |
Require strict base64 in data URI
As the tests already show, the data URI wrapper is supposed to fail
for corrupt input, but for some reason, one case of invalid input is
still allowed to pass?! Strict base64 makes a lot more sense here.
Also, Chromium and Firefox fail on invalid base64, so it's a logical
choice for PHP as well.
Diffstat (limited to 'main')
-rw-r--r-- | main/streams/memory.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/main/streams/memory.c b/main/streams/memory.c index afa45c3968..a1af61e3f0 100644 --- a/main/streams/memory.c +++ b/main/streams/memory.c @@ -720,7 +720,7 @@ static php_stream * php_stream_url_wrap_rfc2397(php_stream_wrapper *wrapper, con dlen--; if (base64) { - base64_comma = php_base64_decode((const unsigned char *)comma, dlen); + base64_comma = php_base64_decode_ex((const unsigned char *)comma, dlen, 1); if (!base64_comma) { zval_ptr_dtor(&meta); php_stream_wrapper_log_error(wrapper, options, "rfc2397: unable to decode"); |