- Affected version
- 2.2.19
\XF\Repository\UserPushRepository::validateSubscriptionDetails() does not validate if key and token are fully valid Base64.This allows invalid values to be stored in the DB causing possible errors like
Code:
InvalidArgumentException: Invalid data provided src/vendor/spomky-labs/base64url/src/Base64Url.php:51
#0 src/vendor/minishlink/web-push/src/Encryption.php(82): Base64Url\Base64Url::decode('<redacted>')
