From 5190d9c1e28411e8de8bf77d769155b706d258d4 Mon Sep 17 00:00:00 2001 From: "Dylan K. Taylor" Date: Fri, 22 Sep 2017 19:52:08 +0100 Subject: [PATCH] Fixed possible issue with JWT decoding this is url-encoded, these characters should be replaced before base64_decode()ing. Not sure how this didn't get noticed before now. --- src/pocketmine/utils/Utils.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pocketmine/utils/Utils.php b/src/pocketmine/utils/Utils.php index 0d2e75b16..7fcd556a3 100644 --- a/src/pocketmine/utils/Utils.php +++ b/src/pocketmine/utils/Utils.php @@ -541,6 +541,6 @@ class Utils{ public static function decodeJWT(string $token) : array{ list($headB64, $payloadB64, $sigB64) = explode(".", $token); - return json_decode(base64_decode($payloadB64), true); + return json_decode(base64_decode(strtr($payloadB64, '-_', '+/'), true), true); } }