5

当我尝试使用 base64_decode() 函数时收到以下警告

"Warning: base64_decode() has been disabled for security reasons"

看起来我的主机禁用了 base64_* 功能。

我有几个问题

  1. 我认为默认情况下可以在 php 中启用 base64_* 函数,对吗?
  2. 未启用 base64_* 功能是否有任何安全原因?有什么安全漏洞吗?
  3. 默认情况下可用的 base64_* 函数的替代方案?
  4. 在哪里可以找到用于 base64_* 实现的自定义类/函数,以便我可以将它们放在我的 PHP 文件中,并在 PHP 的 base64_* 函数不可用时使用它们?

帮助表示赞赏。

4

4 回答 4

9

我已经为所有 base64 目的编写了替代函数。

看这里:

function base64_decode($input) {
    $keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    $chr1 = $chr2 = $chr3 = "";
    $enc1 = $enc2 = $enc3 = $enc4 = "";
    $i = 0;
    $output = "";

    // remove all characters that are not A-Z, a-z, 0-9, +, /, or =
    $filter = $input;
    $input = preg_replace("[^A-Za-z0-9\+\/\=]", "", $input);
    if ($filter != $input) {
        return false;
    }

    do {
        $enc1 = strpos($keyStr, substr($input, $i++, 1));
        $enc2 = strpos($keyStr, substr($input, $i++, 1));
        $enc3 = strpos($keyStr, substr($input, $i++, 1));
        $enc4 = strpos($keyStr, substr($input, $i++, 1));
        $chr1 = ($enc1 << 2) | ($enc2 >> 4);
        $chr2 = (($enc2 & 15) << 4) | ($enc3 >> 2);
        $chr3 = (($enc3 & 3) << 6) | $enc4;
        $output = $output . chr((int) $chr1);
        if ($enc3 != 64) {
            $output = $output . chr((int) $chr2);
        }
        if ($enc4 != 64) {
            $output = $output . chr((int) $chr3);
        }
        $chr1 = $chr2 = $chr3 = "";
        $enc1 = $enc2 = $enc3 = $enc4 = "";
    } while ($i < strlen($input));
    return urldecode($output);
}

function base64_encode($data) {
    $b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
    $o1 = $o2 = $o3 = $h1 = $h2 = $h3 = $h4 = $bits = $i = 0;
    $ac = 0;
    $enc = '';
    $tmp_arr = array();
    if (!$data) {
        return data;
    }
    do {
    // pack three octets into four hexets
    $o1 = charCodeAt($data, $i++);
    $o2 = charCodeAt($data, $i++);
    $o3 = charCodeAt($data, $i++);
    $bits = $o1 << 16 | $o2 << 8 | $o3;
    $h1 = $bits >> 18 & 0x3f;
    $h2 = $bits >> 12 & 0x3f;
    $h3 = $bits >> 6 & 0x3f;
    $h4 = $bits & 0x3f;
    // use hexets to index into b64, and append result to encoded string
    $tmp_arr[$ac++] = charAt($b64, $h1).charAt($b64, $h2).charAt($b64, $h3).charAt($b64, $h4);
    } while ($i < strlen($data));
    $enc = implode($tmp_arr, '');
    $r = (strlen($data) % 3);
    return ($r ? substr($enc, 0, ($r - 3)) . substr('===', $r) : $enc);
}

function charCodeAt($data, $char) {
    return ord(substr($data, $char, 1));
}

function charAt($data, $char) {
    return substr($data, $char, 1);
}

但不要忘记charCodeAtandcharAt函数。它们都是必要的base64_encode。这两个函数base64_encodebase64_decode像内置的 PHP 函数一样工作。但只有在内置的不可用时才使用它们,因为它们没有内置的快。

希望能帮助到你!

于 2014-11-19T19:12:32.830 回答
1

刚刚注册评论 jankal 的答案,但没有声誉就无法做到。

jankal 答案中函数 base64_encode 代码的最后一行是

return ($r ? substr($enc, 0, ($r - 3)) : $enc) . substr('===', ($r || 3));

其中 $r 可以是 0、1 或 2。据我了解,当 $r = 0 时,代码逻辑的 ($r || 3) 表达式值必须为 3,而在其他两种情况下为 $r,但实际上(PHP 5.6 /7.0) 这个表达式的值总是等于 1,所以我们的 BASE64 编码的字符串总是以两个 '=' 符号结尾,这肯定是错误的。

我的解决方案:

return ($r ? substr($enc, 0, ($r - 3)) . substr('===', $r) : $enc);
于 2016-11-06T07:38:02.813 回答
0 
function myencode($input)
    {
    $CODES = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

    // the result/encoded string, the padding string, and the pad count
    $r = "";
    $p= "";
    $c = strlen($input) % 3;

    // add a right zero pad to make this string a multiple of 3 characters
    if ($c > 0) 
    {
        for (; $c < 3; $c++)
     {
        $p .= "=";
        $input .= "\0";
     }
    }

    // increment over the length of the string, three characters at a time
    for ($c = 0; $c < strlen($input); $c += 3) {

// we add newlines after every 76 output characters, according to the MIME specs

        if ($c > 0 && ($c / 3 * 4) % 76 == 0)
        $r += "\r\n";

// these three 8-bit (ASCII) characters become one 24-bit number
$n = (ord($input[$c]) << 16) + (ord($input[$c +1]) << 8) + (ord($input[$c +2]));


        // this 24-bit number gets separated into four 6-bit numbers
        $n1 = $n >> 18 & 63;
        $n2 = $n >> 12 & 63;
        $n3 = $n >> 6 & 63;
        $n4 = $n & 63;

 // those four 6-bit numbers are used as indices into the base64 character list

 $r .= "" . $CODES[$n1] . $CODES[$n2] . $CODES[$n3] . $CODES[$n4];

    }
    return substr($r,0,(strlen($r)-strlen($p))) . $p;
    }  



 function mydecode($input) {

 $CODES = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

// remove/ignore any characters not in the base64 characters list
    // or the pad character -- particularly newlines

    $input= str_replace("[^" . $CODES . "=]","",$input);

    // replace any incoming padding with a zero pad (the 'A' character is  zero)
    $p = ($input[strlen($input) - 1] == '=' ?($input[strlen($input) - 2] == '=' ? "AA" : "A") : "");

    $r = "";
    $input = substr($input,0,(strlen($input) - strlen($p))) . $p;
// increment over the length of this encoded string, four characters at a time
    for ($c = 0; $c < strlen($input); $c += 4) {

// each of these four characters represents a 6-bit index in the
// base64 characters list which, when concatenated, will give the
// 24-bit number for the original 3 characters

         $n=(strpos($CODES,$input[$c]) << 18)
         +  (strpos($CODES,$input[$c+1]) << 12)
         +  (strpos($CODES,$input[$c+2]) << 6)
         +  (strpos($CODES,$input[$c+3]));


// split the 24-bit number into the original three 8-bit (ASCII) characters
$r .= "" . chr(($n >> 16) & 0xFF) . chr((($n >> 8) & 0xFF)) . chr(($n & 0xFF));

    }
    // remove any zero pad that was added to make this a multiple of 24 bits
        return substr($r,0, strlen($r)- strlen($p));
    }
于 2017-01-24T18:56:52.303 回答
-2

这是托管问题。

请更改您的主机或要求他们删除此安全问题

于 2012-04-19T17:48:03.100 回答