author | Brent Shaffer <betterbrent@google.com> | 2017-06-21 14:51:26 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-06-21 14:51:26 -0700 |
commit | d67523fd6a2da172a196fe41a73ba5d4b563619f (patch) | |
tree | 89c4bcebae4aab32efd291580240286f4e17f3dd /src | |
parent | b2a53166f9e2d8958be837e1b368c0897fc52a77 (diff) | |
Detect invalid Base64 encoding in signature (#162)
Diffstat (limited to 'src')
-rw-r--r-- | src/JWT.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/JWT.php b/src/JWT.php
index 814afc0..cb1ca7d 100644
--- a/src/JWT.php
+++ b/src/JWT.php
@@ -87,8 +87,9 @@ class JWT
 if (null === $payload = static::jsonDecode(static::urlsafeB64Decode($bodyb64))) {
 throw new UnexpectedValueException('Invalid claims encoding');
 }
- $sig = static::urlsafeB64Decode($cryptob64);
-
+ if (false === ($sig = static::urlsafeB64Decode($cryptob64))) {
+ throw new UnexpectedValueException('Invalid signature encoding');
+ }
 if (empty($header->alg)) {
 throw new UnexpectedValueException('Empty algorithm');
 }
 |
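Review bot: The added `false ===` guard on `$sig` rejects only what `urlsafeB64Decode()` itself reports as a failure, and that helper's body is not part of this hunk. If it calls `base64_decode()` without the strict flag, characters outside the Base64 alphabet are skipped rather than rejected, so distinct signature strings could decode to the same bytes and still pass this check. It is worth confirming that the helper decodes strictly (passing `true` as the second argument of `base64_decode()`) and adding a test whose signature segment contains a non-alphabet character. The enclosing method starts and ends outside the hunk, so how an empty `$sig` is handled further down cannot be judged from here.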