PHP RFC: Fix base_convert() and related PHP lib functions


_php_math_basetozval(), which underlies the base_convert(), bindec(), octdec(), and hexdec() userspace functions, uses a custom parsing loop which ignores any characters in the input string which aren't in the [0-9a-zA-Z] set. This results in input strings containing garbage being quietly processed as though they were valid numeric strings, for example:

base_convert(1.5, 10, 10); -> 15
base_convert("&%^&%^#%#^%4#%#(%*!2#(%*", 10, 10); -> 42

Equally confusing, ordinals greater or equal to the base being converted are also ignored:

base_convert("12304560", 2, 10); -> 4


One of the following solutions:

  • A. Throw a Warning (or Notice) when unexpected characters are encountered, but continue as before
  • B. Throw a Warning and return FALSE on unexpected characters
  • C. Throw a Warning, stop processing, and return the value up to that point (strtol() behavior)
  • D. Throw an InvalidArgumentException

Targeting Version


rfc/base-convert.txt · Last modified: 2018/03/12 16:37 by pollita