I made a simple base64 decoder form, which takes in an input through a textarea. I assume the input is base64 encoded. If it isn't base64 input, and there's a PHP error or garbage is returned, I don't mind at the moment However, from a security perspective do I need to do any validation or sanitation on this input?
The page is called error-decoder.php, and it submits to itself, and doesn't interact with a database or anything else. Here is the whole thing:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
<div id="container" style="width: 80%; margin: 0 auto; font-family: sans-serif;">
<form name="error-decoder" action="error-decoder.php" method="post">
<textarea name="error-text-area" style="width: 100%; height: 400px;">
<?php if(!empty($_POST['error-text-area'])){ echo $_POST['error-text-area']; } ?>
</textarea>
<button type="submit" style="float: right;">Decode</button>
</form>
<?php
if(!empty($_POST['error-text-area'])){
?>
<p>Output:</p>
<hr>
<div id="error-output">
<br />
<?php
echo base64_decode($_POST['error-text-area']) . "</div>";
}
?>
</div>
</body>
</html>
Is there anything that needs to be done to make this safe either for the user or for my server? Are there important php.ini settings I need to worry about that would affect your answer? I don't care about errors or garbage except how it might affect security. Thanks for any info on this!
