Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:127833
X-Original-To: internals@lists.php.net
Delivered-To: internals@lists.php.net
Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5])
	by lists.php.net (Postfix) with ESMTPS id 3D9721A00BC
	for <internals@lists.php.net>; Wed,  2 Jul 2025 12:55:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail;
	t=1751460800; bh=zUnEvLhE1TLAG4/mn96d8JoYlDT8tDCgzr4kFpICdKE=;
	h=Date:From:To:Subject:In-Reply-To:References:From;
	b=fS1wejRuw7jje2UzgqvfynYrhgvGjfyEyOrAzGcLgzYy4ipb3UcjVh65QmHVhXiiT
	 40LYY5LxsckzwWiBIfO38RSApBnLGbEKvVlNvvMkeWgH49cwXyxjmqKSf7mbe0uWND
	 u8x4gVglaVDkRjADg6SWxK06BHRPgrRQGl9aBrQpUNnsNodZ4tLIQ0SeSvMN+3h+KR
	 8OHIhSjbVR6fUmmAo4xC3dUNoyORLNTLxhjCpTT/leVQIvqQQ0j86lI41b/MNrVmM9
	 rQYjx3bzIVugmba3k/R0UHPjg8HCyObpVQUcwUXHPZuVzT9/EDRgBconKiKrtrGPov
	 th3PbpJpAvZ2w==
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id A536E18053B
	for <internals@lists.php.net>; Wed,  2 Jul 2025 12:53:17 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_20,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_MISSING,RCVD_IN_DNSWL_LOW,
	SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=4.0.1
X-Spam-Virus: Error (Cannot connect to unix socket
	'/var/run/clamav/clamd.ctl': connect: Connection refused)
X-Envelope-From: <imsop.php@rwec.co.uk>
Received: from fhigh-a7-smtp.messagingengine.com (fhigh-a7-smtp.messagingengine.com [103.168.172.158])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed,  2 Jul 2025 12:53:17 +0000 (UTC)
Received: from phl-compute-03.internal (phl-compute-03.phl.internal [10.202.2.43])
	by mailfhigh.phl.internal (Postfix) with ESMTP id B6F1B1400179
	for <internals@lists.php.net>; Wed,  2 Jul 2025 08:55:09 -0400 (EDT)
Received: from phl-mailfrontend-01 ([10.202.2.162])
  by phl-compute-03.internal (MEProxy); Wed, 02 Jul 2025 08:55:09 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rwec.co.uk; h=cc
	:content-transfer-encoding:content-type:content-type:date:date
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to; s=fm2; t=1751460909;
	 x=1751547309; bh=zUnEvLhE1TLAG4/mn96d8JoYlDT8tDCgzr4kFpICdKE=; b=
	ci9JyKi/fw1G1Ex3OZvaRJAkK51YVbvEvvlVzG45qhBF99HIw6sHfVP5l9gXYdbz
	F/hCTXdQ2HaE86OQ91ZHHB17l8XprqJ8+W8U4j/m0tTUcNl8ESrQH9e2R2uvK3YJ
	xaQwqTgjm2X+GNC7JTeZyUEKfEYn3SAcpMvC2FsEjFU4O646pcaqw5UfHlAwQUy4
	ti3hsJKeVzC4bO7ivkQwzptuX1NeGrGWpT9GAYYTi118CcrXY2Z/9gSFSzPjkEJ/
	BLs8f/q61/uNPn16BTeO50Ja7Qqut8/fQw7wsOe5hgw6iP4Don7t9aTVaQyA7JOR
	iy1vwvykfDwhV+E8hmlpxg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:content-type:date:date:feedback-id:feedback-id:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:subject:subject:to:to:x-me-proxy:x-me-sender
	:x-me-sender:x-sasl-enc; s=fm2; t=1751460909; x=1751547309; bh=z
	UnEvLhE1TLAG4/mn96d8JoYlDT8tDCgzr4kFpICdKE=; b=I/IKwBWPEm85kJKVG
	0UJ+YFJdefI/jlD4qM6RjlC1PAPPIiaX2y/sNes5HdeJHfVeSN8+iyZp+xQZ1d+B
	R6l+IDPUm2CJ1DVvv8K0nekuar1F2M6KL8cRbefENDnEEByKHLiEJJOOhem5pkpS
	HGXyt+LSCiCaaUHdA0plp68Rrj6bnFBPnV42/3qIabCWULkE3wTgvpV8/0gsclss
	aII44x445wrRqU+Zbiszw7rTGJ6Uv+1wrB24Ci8mKJd+7p4dKC5ASB2rQ2TSEOQm
	dR6odfRR+IcDkcGZQGEflnrnQCvRyhf17ZTnzHSKefUL5HXp5FQGhEGUQeBl0ZzM
	ws3Jg==
X-ME-Sender: <xms:LSxlaJfXKiyLApu1JDqxgVo5mgEhGHhWYQpgNRqjK8U0oWgl_un9DA>
    <xme:LSxlaHORGUVJYTAXGAr5Q0_DebPdMHaIX75aqfSuNkUZ6yzgFjpF9LXuuaLb7UwIS
    s_ZhMLml-JT8FEbr04>
X-ME-Received: <xmr:LSxlaCiY9CuzzLpKRqFOiyt2xr9uEv5FZxin_lquS6n-pKNzm5yQmZCOokqvdkOo8bteEVcKrmBJ4Y11fuPQBmE>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdefgddujeeghecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr
    ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug
    hrpeffhffvufgfjghfkfggtgfgsehtqhhmtddtreejnecuhfhrohhmpedftfhofigrnhcu
    vfhomhhmihhnshculgfkoffuohfrngdfuceoihhmshhophdrphhhphesrhifvggtrdgtoh
    druhhkqeenucggtffrrghtthgvrhhnpeehudevvdekgfelfeeggfejfeduieehgefguefh
    feefudejveeggeevveetkeejvdenucffohhmrghinheprhhftgdqvgguihhtohhrrdhorh
    hgpdhphhhprdhnvghtnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghi
    lhhfrhhomhepihhmshhophdrphhhphesrhifvggtrdgtohdruhhkpdhnsggprhgtphhtth
    hopedupdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehinhhtvghrnhgrlhhssehl
    ihhsthhsrdhphhhprdhnvght
X-ME-Proxy: <xmx:LSxlaC8lnLFFNb-_4ru0QXiTsOG4saHBZssqYkTkxpwt2SeqvSPWwA>
    <xmx:LSxlaFvTey6_hjKl7eARdMwq8-LshiYtThuIrCs72kM100GC0v5sRQ>
    <xmx:LSxlaBFcZ01iDc19cyqWN17x1sN0BNhSc0WEZhj7T2sXkw9GrPHR0A>
    <xmx:LSxlaMMKA-IsoMQRQbdMnityRoJgAbQNyF8KCJReRbzt5XceNcebjQ>
    <xmx:LSxlaG9eJrllIhPTstE8rLnh0M1s9pRFHq5eX-_zkKUO1tDdQ2Rs5o3L>
Feedback-ID: id5114917:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <internals@lists.php.net>; Wed, 2 Jul 2025 08:55:08 -0400 (EDT)
Date: Wed, 02 Jul 2025 13:55:07 +0100
To: PHP Internals List <internals@lists.php.net>
Subject: =?US-ASCII?Q?Re=3A_=5BPHP-DEV=5D_=5BRFC=5D=5BDISCUSSION=5D_Add_?=
 =?US-ASCII?Q?RFC_4648_compliant_data_encoding_API?=
User-Agent: K-9 Mail for Android
In-Reply-To: <CAOV5rgaKkR-y3Hu9Fs0_ty2wT5MoYLDJ_OTH-nDBA-g__t4VEA@mail.gmail.com>
References: <CAOV5rgZjxhe+75YD13wWFRNghbS4fbUrJVouPtbUv9RdpKSAXw@mail.gmail.com> <348856E5-6A4E-455A-81AE-882832170168@rwec.co.uk> <CAOV5rgaKkR-y3Hu9Fs0_ty2wT5MoYLDJ_OTH-nDBA-g__t4VEA@mail.gmail.com>
Message-ID: <AE53E18F-A195-4D40-8BD1-D75AAFE07F92@rwec.co.uk>
Precedence: bulk
list-help: <mailto:internals+help@lists.php.net
list-unsubscribe: <mailto:internals+unsubscribe@lists.php.net>
list-post: <mailto:internals@lists.php.net>
List-Id: internals.lists.php.net
x-ms-reactions: disallow
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
From: imsop.php@rwec.co.uk ("Rowan Tommins [IMSoP]")



On 1 July 2025 22:27:14 BST, ignace nyamagana butera <nyamsprod@gmail=2Eco=
m> wrote:]=20
>- The current base64_decode function operates in a lenient mode by defaul=
t,
>accepting characters outside the valid Base64 alphabet and ignoring
>the padding character wherever it is in the string=2E
>
> base64_decode('dG9=3D=3D=3D0bw??', false); // returns 'toto'
>
>However, the newly proposed lenient mode aligns with the stricter
>recommendations of RFC 4648, Section 12
><https://www=2Erfc-editor=2Eorg/rfc/rfc4648=2Ehtml#section-12> which advi=
se
>rejecting inputs containing invalid characters due to potential security
>concerns=2E=20


That makes total sense, and I support both the choice of default and stand=
ard-compliant implementation=2E However, it feels like it will be hard to d=
ocument why people should stop using the long-established functions, and ex=
actly what the difference is=2E Putting off the problem until a later RFC i=
s just inviting confusion until then=2E

Perhaps we should include an option in the new API to emulate the old beha=
viour, named as "legacy" or "unsafe" and immediately soft-deprecated with a=
 note in the manual, similar to the MT_RAND_PHP mode in the Randomizer API =
<https://www=2Ephp=2Enet/manual/en/random-engine-mt19937=2Econstruct=2Ephp>

Then the legacy base64_decode function could have a note like:=20

> This function always uses Mode::LegacyUnsafe, and its use is discouraged=
; consider using the newer Encoding\base64_decode with Mode::Strict or Mode=
::Lenient instead=2E

And the main documentation for Encoding\base64_decode could explain all th=
ree modes side by side=2E

What do you think?
Rowan Tommins
[IMSoP]