26

http://phptester.net/ yields the warning

WARNING base64_decode() has been disabled for security reasons

Why?

Besides the obvious vulnerabilities that have nothing to do with base64_decode (treating it as encryption, as a hash, evaluating base64_decoded data, etc) why would simply executing it be a security vulnerability?

1
  • 5
    Probably because phptester has some major vulnerabilities, and one of the exploits required in base64_decode, so they decided to disable it. Based on that theory, I wouldn't be surprised if their security was something like: if(strstr($code, "eval") !== false || strstr($code, "readfile") !== false || ...) {echo "Security fail!"; exit;}
    Commented Jan 28, 2017 at 0:43

1 Answer

28

why would simply executing it be a security vulnerability?

It's not.

base64_decode does exactly what you would expect: It decodes a string.

There are also no known vulnerabilities in it, nor have there been in the past (there was an integer overflow issue in base64_encode - CVE-2003-0861 - but PHP does not consider it a security issue).

I would assume that http://phptester.net/ bans it because it can be used to obfuscate data. They may have some filters in place to prevent execution of dangerous code and may worry that base64_decode could be used to bypass these filters. I don't think that this is necessary or useful, but that might be their train of thought.

3
  • 14
    Arguably the dumbest part of that line of reasoning is that a malicious user could probably just write their own decoder.
    – jpmc26
    Commented Jan 27, 2017 at 22:09
  • 6
    @jpmc26 Someone actually wrote most of PHP in PHP, so yeah... The work is already done! :P github.com/ircmaxell/PHPPHP
    – zenware
    Commented Jan 27, 2017 at 22:59
  • 1
    phptester.net does not allow eval anyways, so it's not like you can stuff the output of base64_decode into eval.
    Commented Jan 28, 2017 at 0:12
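
To illustrate the point made in the answer and its first comment (an added example, not part of the original thread): base64 decoding needs only string indexing and bit shifts, so disabling `base64_decode` does not remove the capability. The function name `userland_base64_decode` and the sample string are made up for this illustration.

```php
<?php
// Added example, not from the thread: a base64 decoder written in plain PHP
// that never calls base64_decode(). The function name is hypothetical.
function userland_base64_decode(string $input): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
    $out = '';
    $buffer = 0; // bit accumulator
    $bits = 0;   // number of valid bits currently held in $buffer

    $length = strlen($input);
    for ($i = 0; $i < $length; $i++) {
        $ch = $input[$i];
        if ($ch === '=') {
            break; // padding marks the end of the data
        }
        $value = strpos($alphabet, $ch);
        if ($value === false) {
            continue; // skip whitespace and other non-alphabet bytes
        }
        // Each base64 character contributes 6 bits.
        $buffer = ($buffer << 6) | $value;
        $bits += 6;
        if ($bits >= 8) {
            // A full byte is available: emit it and keep the leftover bits.
            $bits -= 8;
            $out .= chr(($buffer >> $bits) & 0xFF);
            $buffer &= (1 << $bits) - 1;
        }
    }
    return $out;
}

// Constructed sample input: the base64 encoding of "hello world".
$sample = 'aGVsbG8gd29ybGQ=';
var_dump(userland_base64_decode($sample) === 'hello world');
```

Since the same result is reachable without the disabled function, the isolation of the executed code has to carry the security guarantee, not a list of function names.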
