throw exception if padding is invalid.

laravel/crypter.php

@@ -131,7 +131,20 @@ class Crypter {
 	{
 		$pad = ord($value[($length = Str::length($value)) - 1]);
 
-		return substr($value, 0, $length - $pad);
+		if ($pad and $pad < static::$block)
+		{
+			// If the correct padding is present on the string, we will remove
+			// it and return the value. Otherwise, we'll throw an exception
+			// as the padding appears to have been changed.
+			if (preg_match('/'.chr($pad).'{'.$pad.'}$/', $value))
+			{
+				return substr($value, 0, $length - $pad);
+			}
+
+			throw new \Exception("Decryption error. Padding is invalid.");
+		}
+
+		return $value;
 	}
 
 	/**