Pass with append string still valid

laminas / laminas-authentication

provides an API for authentication and includes concrete authentication adapters for common use case scenarios

https://docs.laminas.dev/laminas-authentication/

BSD 3-Clause "New" or "Revised" License

24 stars 15 forks source link

Pass with append string still valid #1

Open weierophinney opened 4 years ago

weierophinney commented 4 years ago

Adding string to correct basic token still allow to pass token when using crypt.

Originally posted by @snapshotpl at https://github.com/zendframework/zend-authentication/pull/43

weierophinney commented 4 years ago

What you show here apears to be result of non-strict mode of base64_decode() in Http adapter, which silently drops invalid portions of base64 encoded string

Originally posted by @Xerkus at https://github.com/zendframework/zend-authentication/pull/43#issuecomment-491969984