throw exception if padding is invalid.
This commit is contained in:
Taylor Otwell
@@ -131,7 +131,20 @@ class Crypter {
|
|||||||
{
|
{
|
||||||
$pad = ord($value[($length = Str::length($value)) - 1]);
|
$pad = ord($value[($length = Str::length($value)) - 1]);
|
||||||
|
|
||||||
return substr($value, 0, $length - $pad);
|
if ($pad and $pad < static::$block)
|
||||||
|
{
|
||||||
|
// If the correct padding is present on the string, we will remove
|
||||||
|
// it and return the value. Otherwise, we'll throw an exception
|
||||||
|
// as the padding appears to have been changed.
|
||||||
|
if (preg_match('/'.chr($pad).'{'.$pad.'}$/', $value))
|
||||||
|
{
|
||||||
|
return substr($value, 0, $length - $pad);
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new \Exception("Decryption error. Padding is invalid.");
|
||||||
|
}
|
||||||
|
|
||||||
|
return $value;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Reference in New Issue
Block a user