Commit bb0967cc authored by Taylor Otwell's avatar Taylor Otwell

throw exception if padding is invalid.

parent 1324ba36
...@@ -131,9 +131,22 @@ class Crypter { ...@@ -131,9 +131,22 @@ class Crypter {
{ {
$pad = ord($value[($length = Str::length($value)) - 1]); $pad = ord($value[($length = Str::length($value)) - 1]);
if ($pad and $pad < static::$block)
{
// If the correct padding is present on the string, we will remove
// it and return the value. Otherwise, we'll throw an exception
// as the padding appears to have been changed.
if (preg_match('/'.chr($pad).'{'.$pad.'}$/', $value))
{
return substr($value, 0, $length - $pad); return substr($value, 0, $length - $pad);
} }
throw new \Exception("Decryption error. Padding is invalid.");
}
return $value;
}
/** /**
* Get the encryption key from the application configuration. * Get the encryption key from the application configuration.
* *
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment