Fixed
Details
Details
Assignee
Pothys - MitrahSoft
Pothys - MitrahSoftReporter
Dan Switzer, II
Dan Switzer, IIPriority
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Sprint
None
Affects versions
Created 2 September 2020 at 14:17
Updated 19 January 2023 at 06:46
Resolved 17 January 2022 at 15:08
The
binaryDecode()
&toBinary()
functions are decoding invalid base64 strings into binary objects. I would except an invalid base64 string to throw an exception, which is what happens in ACF 10+.For example:
binaryDecode("@@@@", "base64"); toBinary("@@@@");
I would expect both of these lines to fail, but instead Lucee happily converts these strings to an empty binary object. If you decode the strings back to Base64, you get an empty string:
binaryEncode(binaryDecode("@@@@", "base64"), "base64"); // empty string toBase64(toBinary("@@@@")); // empty string
Here's a Gist that shows the behavior:
https://www.trycf.com/gist/29932185013dddf447c130f1362452d9/lucee5?theme=monokai
If you run the code under an ACF engine, you will see that the "@@@@" string throws an exception, where as Lucee happily converts the invalid base64 string.
If you're on Java 8, you can run the following and see that @@@@ would throw an exception:
invalidBase64 = "@@@@"; Base64 = createObject("java", "java.util.Base64"); Decoder = Base64.getDecoder(); writeOutput(Decoder.decode(invalidBase64));