From 5ec6637ceb74d0fc8a8b6de3701743af9d4e1460 Mon Sep 17 00:00:00 2001 From: "Tim St.Clair" Date: Tue, 21 Mar 2017 11:17:49 +1100 Subject: [PATCH] changed base64 checker --- login.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/login.php b/login.php index b961616..5bb4e75 100644 --- a/login.php +++ b/login.php @@ -36,8 +36,18 @@ function wp2m_base64_decode($b64) { return base64_decode(str_replace(array('-','_'),array('+','/'),$b64)); } +function wp2m_is_base64($string) { + $decoded = base64_decode($string, true); + // Check if there is no invalid character in string + if (!preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) return false; + // Decode the string in strict mode and send the response + if (!base64_decode($string, true)) return false; + // Encode and compare it to original one + if (base64_encode($decoded) != $string) return false; + return true; +} function decrypt_string($data, $key) { - if ( base64_encode(base64_decode($key)) === $key){ + if ( wp2m_is_base64($key)) { $encryption_key = base64_decode($key); } else { $encryption_key = $key;