add padding option to base64_encode #13698
Conversation
|
I think base64url format would also be nice to have (using if (!function_exists('base64url_encode')) {
/**
* Base64 encode with only URL-safe characters
*
* @param string $data
* @return string
*/
function base64url_encode(string $data)
{
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
}
if (!function_exists('base64url_decode')) {
/**
* Bas64 decode with URL-safe characters
*
* @param string $data
* @return string|false
*/
function base64url_decode(string $data)
{
return base64_decode(
str_pad(
strtr($data, '-_', '+/'),
4 - ((strlen($data) % 4) ?: 4),
'=',
STR_PAD_RIGHT
)
);
}
}This alternate encoding is covered by RFC 4648: https://datatracker.ietf.org/doc/html/rfc4648#section-5 |
remicollet
force-pushed
the
base64_no_padding
branch
from
b944d13
to
4bb1a64
Compare
remicollet
changed the title
Yes, another "URL SAFE" option is interesting, but out of the scope of this PR (and more complex because of multiple optimized variants of the implementation), and also require change to base64_decode. |
| ZEND_PARSE_PARAMETERS_END(); | ||
|
|
||
| result = php_base64_encode((unsigned char*)str, str_len); | ||
| result = php_base64_encode_ex((unsigned char*)str, str_len, (padding ? 0 : PHP_BASE64_NO_PADDING)); |
There was a problem hiding this comment.
I guess you used a flag for future proofing in case a new option would be needed in the future, right? Personally, I'd be fine with a bool value, but I can also understand your POV :)
There was a problem hiding this comment.
Yes (see discussion about URL SAFE mode) and to avoid changing function prototype again in so much places ;)
|
LGTM. seeing the argument about the flag part, I m sold too :) |
|
If nobody cry, I plan to merge this later this week |
remicollet
force-pushed
the
base64_no_padding
branch
from
4bb1a64
to
b3c447d
Compare
|
rebased |
5 hours between that comment and the merge doesn't really leave time “to cry”. I find it not obvious that a new |
The discussion was about safe_url I only work on PADDING, because this was needed for another feature, see cfed1f7 |
|
If there's an objection, the user API change should be probably reverted and just kept the internal API change that can be still used for another feature. |
|
I guess the objection was more about using a flag for this rather than extra bool parameter. Personally I think that extra bool parameter is better but if there's no clear agreement, it needs to reverted and it needs RFC. I mean just the user API change. Inernal API (_ex function) is fine. |
From my understanding, Robert said that regular base64 without padding is not a thing and that is a relevant complaint about the userland API change.
Another alternative would be an enum specifying the variant: Note how that enum would disallow combining the Unpadded variant with the Standard alphabet, which might or might not be relevant. |
|
I wouldn't say that it's not a thing (we don't not require standards for everything) so as soon as there is a use case, it's a thing. And we have got an actual use in core for this. That said I agree that URL variant is more useful for users but don't think we should disallow standard unpadded version. In any case there is clearly no agreement about this so I think we should revert the user part of this change (not introduce padding argument) as we need an RFC for this. @remicollet can you revert that bit please? |
Reverted in 6c5814d Notice: I don't plan to care care of further changes or RFC. |
Make padding optional using
function base64_encode(string $string, bool $padding = true): string {}Also add
PHPAPI extern zend_string *php_base64_encode_ex(const unsigned char *, size_t, zend_long flags);php_base64_encodeis unchangedEncoding without padding is needed for ARGON2 password, see PR #13635
this will allow to simplify code in ext/openssl