From ac90d8036f5dadcb076c1e7dd6d9402d2d917154 Mon Sep 17 00:00:00 2001
From: Eric Espie
Date: Wed, 3 Jul 2024 18:03:15 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B07516=20-=20hardening=20code?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../portal/src/Helper/ContextManipulatorHelper.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/datamodels/2.x/itop-portal-base/portal/src/Helper/ContextManipulatorHelper.php b/datamodels/2.x/itop-portal-base/portal/src/Helper/ContextManipulatorHelper.php
index 58caab5f8f..1cad8d8949 100644
--- a/datamodels/2.x/itop-portal-base/portal/src/Helper/ContextManipulatorHelper.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/Helper/ContextManipulatorHelper.php
@@ -533,7 +533,7 @@ class ContextManipulatorHelper
 $sPPrivateKey = self::GetPrivateKey();
 $oCrypt = new SimpleCrypt(MetaModel::GetConfig()->GetEncryptionLibrary());
- return base64_encode($oCrypt->Encrypt($sPPrivateKey, json_encode($aTokenRules)));
+ return self::base64url_encode($oCrypt->Encrypt($sPPrivateKey, json_encode($aTokenRules)));
 }
 /**
@@ -566,7 +566,7 @@ class ContextManipulatorHelper
 {
 $sPrivateKey = self::GetPrivateKey();
 $oCrypt = new SimpleCrypt(MetaModel::GetConfig()->GetEncryptionLibrary());
- $sDecryptedToken = $oCrypt->Decrypt($sPrivateKey, base64_decode($sToken));
+ $sDecryptedToken = $oCrypt->Decrypt($sPrivateKey, self::base64url_decode($sToken));
 $aTokenRules = json_decode($sDecryptedToken, true);
 if (!is_array($aTokenRules))
@@ -577,6 +577,13 @@ class ContextManipulatorHelper
 return $aTokenRules;
 }
+ private static function base64url_encode($sData) {
+ return rtrim(strtr(base64_encode($sData), '+/', '-_'), '=');
+ }
+
+ private static function base64url_decode($sData) {
+ return base64_decode(str_pad(strtr($sData, '-_', '+/'), strlen($sData) % 4, '=', STR_PAD_RIGHT));
+ }
 /**
 * @return string
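Review bot: In the second hunk the result of `self::base64url_decode($sToken)` is handed straight to `Decrypt()`, and the only validation visible afterwards is `is_array()` on the decoded JSON. Whether `SimpleCrypt` authenticates the ciphertext cannot be seen in this diff; if it does not, the rules carried by the token should not be trusted without an integrity check, for example an HMAC over the ciphertext verified with `hash_equals()` before decryption. The enclosing method starts and ends outside the hunk, so the failure branch after `is_array()` could not be reviewed here.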
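Review bot: In `base64url_decode` (third hunk) the `str_pad()` call never pads, because its second argument is the target total length and `strlen($sData) % 4` is always 0–3; decoding only works because non-strict `base64_decode()` tolerates missing `=`. Compute the padding explicitly, e.g. `$sB64 = strtr($sData, '-_', '+/');` followed by `return base64_decode($sB64 . str_repeat('=', (4 - strlen($sB64) % 4) % 4), true);`. Passing `true` makes a malformed token return `false` rather than being decoded leniently, so the caller in the second hunk would then have to reject `false` before calling `Decrypt()`. As a style point, both helpers are snake_case while the visible sibling is `GetPrivateKey`, and neither has a docblock stating that the output is unpadded and URL-safe.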