RSS Feed/News validateSubscriptionDetails() does not stictly validate key and token

Status
Not open for further replies.
ENXF NET

ENXF NET

Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
Joined
Nov 13, 2018
Messages
30,892
Points
823

Reputation:

\XF\Repository\UserPushRepository::validateSubscriptionDetails() does not validate if key and token are fully valid Base64.

This allows invalid values to be stored in the DB causing possible errors like
Code:

Code: 
InvalidArgumentException: Invalid data provided src/vendor/spomky-labs/base64url/src/Base64Url.php:51

#0 src/vendor/minishlink/web-push/src/Encryption.php(82): Base64Url\Base64Url::decode('<redacted>')
when sending notifications.

Continue reading...
 
Status
Not open for further replies.
Top