summaryrefslogtreecommitdiff
path: root/main
diff options
context:
space:
mode:
authorLauri Kenttä <lauri.kentta@gmail.com>2016-07-11 12:40:03 +0300
committerNikita Popov <nikic@php.net>2016-07-22 18:03:55 +0200
commit7a02704c0ecdf4373c810760e70a424841619e0c (patch)
treec9076eab42da2e8137b872663b1a1c37cdc66576 /main
parentf775199ac70abef4bf7fa29c805d73df09131e21 (diff)
downloadphp-git-7a02704c0ecdf4373c810760e70a424841619e0c.tar.gz
Require strict base64 in data URI
As the tests already show, the data URI wrapper is supposed to fail for corrupt input, but for some reason, one case of invalid input is still allowed to pass?! Strict base64 makes a lot more sense here. Also, Chromium and Firefox fail on invalid base64, so it's a logical choice for PHP as well.
Diffstat (limited to 'main')
-rw-r--r--main/streams/memory.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/main/streams/memory.c b/main/streams/memory.c
index afa45c3968..a1af61e3f0 100644
--- a/main/streams/memory.c
+++ b/main/streams/memory.c
@@ -720,7 +720,7 @@ static php_stream * php_stream_url_wrap_rfc2397(php_stream_wrapper *wrapper, con
dlen--;
if (base64) {
- base64_comma = php_base64_decode((const unsigned char *)comma, dlen);
+ base64_comma = php_base64_decode_ex((const unsigned char *)comma, dlen, 1);
if (!base64_comma) {
zval_ptr_dtor(&meta);
php_stream_wrapper_log_error(wrapper, options, "rfc2397: unable to decode");