validateSubscriptionDetails() does not stictly validate key and token

[Kirby]

\XF\Repository\UserPushRepository::validateSubscriptionDetails() does not validate if key and token are fully valid Base64.

This allows invalid values to be stored in the DB causing possible errors like
Code:

InvalidArgumentException: Invalid data provided src/vendor/spomky-labs/base64url/src/Base64Url.php:51

#0 src/vendor/minishlink/web-push/src/Encryption.php(82): Base64Url\Base64Url::decode('<redacted>')

when sending notifications.

Continue reading...