Fixed bug #52327 (base64_decode() improper handling of leading padding in strict mode)

2 files changed, 13 insertions, 1 deletions

diff --git a/ext/standard/base64.c b/ext/standard/base64.c
index 8e596b1221..192a08a43f 100644
--- a/ext/standard/base64.c
+++ b/ext/standard/base64.c
@@ -152,7 +152,7 @@ PHPAPI unsigned char *php_base64_decode_ex(const unsigned char *str, int length,
 	/* run through the whole string, converting as we go */
 	while ((ch = *current++) != '\0' && length-- > 0) {
 		if (ch == base64_pad) {
-			if (*current != '=' && (i % 4) == 1) {
+			if (*current != '=' && ((i % 4) == 1 || (strict && length > 0))) {
 				efree(result);
 				return NULL;
 			}
diff --git a/ext/standard/tests/url/bug52327.phpt b/ext/standard/tests/url/bug52327.phpt
new file mode 100644
index 0000000000..fb2e0fa25b
--- /dev/null
+++ b/ext/standard/tests/url/bug52327.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Bug #52327 (base64_decode() improper handling of leading padding)
+--FILE--
+<?php
+var_dump(
+	base64_decode('=VGhl=ICc9=JyBz=eW1i=b2xz=IGFy=ZW4n=dCBh=bGxv=d2Vk=IHdo=ZXJl=IGkg=cHV0=IHRo=ZW0g=by5P'),
+	base64_decode('=VGhl=ICc9=JyBz=eW1i=b2xz=IGFy=ZW4n=dCBh=bGxv=d2Vk=IHdo=ZXJl=IGkg=cHV0=IHRo=ZW0g=by5P', true)
+);
+?>
+--EXPECT--
+string(51) "The '=' symbols aren't allowed where i put them o.O"
+bool(false)