Revert "Make validate=True by default in base64.b64decode()."

This reverts commit db32b32.

Author: serhiy-storchaka

Doc/library/base64.rst

@@ -72,7 +72,7 @@ POST request.
       Added the *wrapcol* parameter.
 
 
-.. function:: b64decode(s, altchars=None, validate=True)
+.. function:: b64decode(s, altchars=None, validate=False)
 
    Decode the Base64 encoded :term:`bytes-like object` or ASCII string
    *s* and return the decoded :class:`bytes`.
@@ -84,24 +84,15 @@ POST request.
    A :exc:`binascii.Error` exception is raised
    if *s* is incorrectly padded.
 
-   By default, non-alphabet characters in the input result in a
+   If *validate* is ``False`` (the default), characters that are neither
+   in the normal base-64 alphabet nor the alternative alphabet are
+   discarded prior to the padding check.  If *validate* is ``True``,
+   these non-alphabet characters in the input result in a
    :exc:`binascii.Error`.
-   If *validate* is false, characters that are neither in the normal base-64
-   alphabet nor the alternative alphabet are discarded prior to the padding
-   check, but the ``+`` and ``/`` characters keep their meaning if they are
-   not in *altchars* (they will be discarded in future Python versions).
 
-   For more information about the strict base64 check, see
-   :func:`binascii.a2b_base64`.
-
-   .. versionchanged:: next
-      *validate* is now ``True`` by default.
-      The ``+`` and ``/`` characters no longer preserve their meaning if they
-      are not in the alternative alphabet and *validate* is true.
-      :exc:`FutureWarning` is now emitted if the ``+`` or ``/`` characters
-      which are not in the alternative alphabet occur in the input and
-      *validate* is false.
+   For more information about the strict base64 check, see :func:`binascii.a2b_base64`
 
+   May assert or raise a :exc:`ValueError` if the length of *altchars* is not 2.
 
 .. function:: standard_b64encode(s)
 
@@ -114,9 +105,6 @@ POST request.
    Decode :term:`bytes-like object` or ASCII string *s* using the standard
    Base64 alphabet and return the decoded :class:`bytes`.
 
-   .. versionchanged:: next
-      Non-alphabet characters in the input result in a :exc:`binascii.Error`.
-
 
 .. function:: urlsafe_b64encode(s)
 
@@ -135,9 +123,6 @@ POST request.
    ``/`` in the standard Base64 alphabet, and return the decoded
    :class:`bytes`.
 
-   .. versionchanged:: next
-      Non-alphabet characters in the input result in a :exc:`binascii.Error`.
-
 
 .. function:: b32encode(s)
 

Doc/whatsnew/3.15.rst

@@ -1467,18 +1467,3 @@ that may require changes to your code.
   *dest* is now ``'foo'`` instead of ``'f'``.
   Pass an explicit *dest* argument to preserve the old behavior.
   (Contributed by Serhiy Storchaka in :gh:`138697`.)
-
-* :func:`base64.b64decode` now rejects all characters not in the base 64
-  alphabet by default.
-  You can pass the ``validate=False`` argument to get the old behavior.
-  If *validate* is false, :exc:`FutureWarning` is now emitted if the ``+`` or
-  ``/`` characters which are not in the alternative alphabet occur in the input.
-  To get rid of the potential warnings, either replace these characters with
-  the corresponding alternative characters (to keep the old behavior),
-  or remove them from the input (to get the future behavior).
-
-  In :func:`base64.b64decode` and :func:`base64.b64decode`, non-alphabet
-  characters in the input now result in a :exc:`binascii.Error`.
-  You can use :func:`base64.b64decode` with ``validate=False`` and optionally
-  the corresponding *altchars* argument to get the old behavior.
-  (Contributed by Serhiy Storchaka in :gh:`125346`.)

Lib/base64.py

@@ -62,7 +62,7 @@ def b64encode(s, altchars=None, *, wrapcol=0):
     return encoded
 
 
-def b64decode(s, altchars=None, validate=True):
+def b64decode(s, altchars=None, validate=False):
     """Decode the Base64 encoded bytes-like object or ASCII string s.
 
     Optional altchars must be a bytes-like object or ASCII string of length 2
@@ -89,8 +89,8 @@ def b64decode(s, altchars=None, validate=True):
         if validate:
             s = s.translate(bytes.maketrans(b'+/' + altchars, altchars + b'+/'))
         else:
-            for b in b'+/':
-                if b not in altchars and b in s:
+            for b in set(b'+/') - set(altchars):
+                if b in s:
                     badchar = b
                     break
             s = s.translate(bytes.maketrans(altchars, b'+/'))

Lib/test/test_base64.py

@@ -243,7 +243,7 @@ def test_b64decode(self):
                  b"YWI=": b"ab",
                  b"YWJj": b"abc",
                  b"YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXpBQkNE"
-                 b"RUZHSElKS0xNTk9QUVJTVFVWV1hZWjAxMjM0NT"
+                 b"RUZHSElKS0xNTk9QUVJTVFVWV1hZWjAxMjM0\nNT"
                  b"Y3ODkhQCMwXiYqKCk7Ojw+LC4gW117fQ==":
 
                  b"abcdefghijklmnopqrstuvwxyz"
@@ -313,31 +313,36 @@ def test_b64decode_invalid_chars(self):
                  (b'!', b''),
                  (b"YWJj\n", b"abc"),
                  (b'YWJj\nYWI=', b'abcab'))
+        funcs = (
+            base64.b64decode,
+            base64.standard_b64decode,
+            base64.urlsafe_b64decode,
+        )
         for bstr, res in tests:
-            with self.subTest(bstr=bstr):
-                for data in bstr, bstr.decode('ascii'):
-                    self.assertEqual(base64.b64decode(data, validate=False), res)
-                    self.assertRaises(binascii.Error, base64.b64decode, data)
-                    self.assertRaises(binascii.Error, base64.standard_b64decode, data)
-                    self.assertRaises(binascii.Error, base64.urlsafe_b64decode, data)
+            for func in funcs:
+                with self.subTest(bstr=bstr, func=func):
+                    self.assertEqual(func(bstr), res)
+                    self.assertEqual(func(bstr.decode('ascii')), res)
+            with self.assertRaises(binascii.Error):
+                base64.b64decode(bstr, validate=True)
+            with self.assertRaises(binascii.Error):
+                base64.b64decode(bstr.decode('ascii'), validate=True)
 
         # Normal alphabet characters will be discarded when alternative given
         with self.assertWarns(FutureWarning):
-            self.assertEqual(base64.b64decode(b'++++', altchars=b'-_', validate=False),
+            self.assertEqual(base64.b64decode(b'++++', altchars=b'-_'),
                              b'\xfb\xef\xbe')
         with self.assertWarns(FutureWarning):
-            self.assertEqual(base64.b64decode(b'////', altchars=b'-_', validate=False),
+            self.assertEqual(base64.b64decode(b'////', altchars=b'-_'),
                              b'\xff\xff\xff')
+        self.assertEqual(base64.urlsafe_b64decode(b'++++'), b'')
+        self.assertEqual(base64.urlsafe_b64decode(b'////'), b'')
         with self.assertRaises(binascii.Error):
-            base64.urlsafe_b64decode(b'++++')
-        with self.assertRaises(binascii.Error):
-            base64.urlsafe_b64decode(b'////')
-        with self.assertRaises(binascii.Error):
-            base64.b64decode(b'++++', altchars=b'-_')
+            base64.b64decode(b'++++', altchars=b'-_', validate=True)
         with self.assertRaises(binascii.Error):
-            base64.b64decode(b'////', altchars=b'-_')
+            base64.b64decode(b'////', altchars=b'-_', validate=True)
         with self.assertRaises(binascii.Error):
-            base64.b64decode(b'+/!', altchars=b'-_', validate=False)
+            base64.b64decode(b'+/!', altchars=b'-_')
 
     def _altchars_strategy():
         """Generate 'altchars' for base64 encoding."""

Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst

@@ -0,0 +1,4 @@
+The ``+`` and ``/`` characters are no longer recognized as the part of the
+Base64 alphabet in :func:`base64.urlsafe_b64decode` and
+:func:`base64.b64decode` with the *altchars* argument that does not contain
+them.