Merge pull request #1920 from sjinks/issue-1919

Fix #1919

CHANGELOG

@@ -95,7 +95,7 @@
  - Phalcon\Crypt:
    - Added support for various padding schemes (PKCS7, ANSI X.923, ISO 10126, ISO/IEC 7816-4, zero padding, space padding) to Phalcon\Crypt (#864, #887)
    - Reduced peak memory usage (#1237)
-   - encryptBase64() and decryptBase64() can optionally use RFC 4648 flavor of BASE64 (#1353)
+   - encryptBase64() and decryptBase64() can optionally use RFC 4648 flavor of BASE64 (#1353, #1919)
  - Phalcon\Db:
    - Added support for DECIMAL scale (#940)
    - Fixed invalid sequence names for PostgreSQL (#1022)

ext/crypt.c

@@ -23,6 +23,7 @@
 
 #include <ext/standard/php_smart_str.h>
 #include <ext/standard/php_string.h>
+#include <ext/standard/base64.h>
 
 #include "kernel/main.h"
 #include "kernel/memory.h"
@@ -636,27 +637,35 @@ PHP_METHOD(Phalcon_Crypt, encryptBase64){
  */
 PHP_METHOD(Phalcon_Crypt, decryptBase64){
 
-	zval *text, *key = NULL, *safe = NULL, *decrypt_text;
+	zval **text, **key = NULL, **safe = NULL, *decrypt_text;
+	char *decoded;
+	int decoded_len;
 
-	PHALCON_MM_GROW();
+	phalcon_fetch_params_ex(1, 2, &text, &key, &safe);
 
-	phalcon_fetch_params(1, 1, 2, &text, &key, &safe);
-
+	PHALCON_ENSURE_IS_STRING(text);
 	if (!key) {
-		key = PHALCON_GLOBAL(z_null);
+		key = &PHALCON_GLOBAL(z_null);
 	}
 
-	if (!safe) {
-		safe = PHALCON_GLOBAL(z_false);
+	if (safe && zend_is_true(*safe)) {
+		char *tmp = estrndup(Z_STRVAL_PP(text), Z_STRLEN_PP(text));
+		php_strtr(tmp, Z_STRLEN_PP(text), "-_", "+/", 2);
+		decoded = (char*)php_base64_decode((unsigned char*)tmp, Z_STRLEN_PP(text), &decoded_len);
+		efree(tmp);
+	}
+	else {
+		decoded = (char*)php_base64_decode((unsigned char*)(Z_STRVAL_PP(text)), Z_STRLEN_PP(text), &decoded_len);
 	}
 
-	if (zend_is_true(safe)) {
-		php_strtr(Z_STRVAL_P(text), Z_STRLEN_P(text), "-_", "+/", 2);
+	if (!decoded) {
+		RETURN_FALSE;
 	}
-
-	PHALCON_INIT_VAR(decrypt_text);
-	phalcon_base64_decode(decrypt_text, text);
-	phalcon_return_call_method_p2(this_ptr, "decrypt", decrypt_text, key);
+
+	PHALCON_MM_GROW();
+	PHALCON_ALLOC_GHOST_ZVAL(decrypt_text);
+	ZVAL_STRINGL(decrypt_text, decoded, decoded_len, 0);
+	phalcon_return_call_method_p2(this_ptr, "decrypt", decrypt_text, *key);
 	RETURN_MM();
 }
 

ext/tests/issue-1919.phpt

@@ -0,0 +1,21 @@
+--TEST--
+Phalcon\Crypt\decryptBase64() modifies its argument - https://github.com/phalcon/cphalcon/issues/1919
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+<?php if (!extension_loaded('mcrypt')) die('skip mcrypt extension is required'); ?>
+--FILE--
+<?php
+$crypt   = new \Phalcon\Crypt();
+$source  = 'Life is much too short to be intoxicated';
+$key     = 'very secret key';
+
+do {
+	$dest = $crypt->encryptBase64($source, $key, true);
+} while (false === strpos($dest, '-'));
+$copy = (string)$dest;
+$crypt->decryptBase64($dest, $key, true);
+
+var_dump($dest === $copy);
+?>
+--EXPECT--
+bool(true)