Check if the installed PHP version has a fix for the nullbyte vulnerability

author Lukas Reschke <lukas@statuscode.ch>

Wed, 20 Mar 2013 07:43:54 +0000 (08:43 +0100)

committer VicDeo <victor.dubiniuk@gmail.com>

Sun, 31 Mar 2013 12:51:12 +0000 (16:51 +0400)
author Lukas Reschke <lukas@statuscode.ch>
Wed, 20 Mar 2013 07:43:54 +0000 (08:43 +0100)
committer VicDeo <victor.dubiniuk@gmail.com>
Sun, 31 Mar 2013 12:51:12 +0000 (16:51 +0400)
diff --git a/core/setup.php b/core/setup.php

index 77eed5376d6ccc10961ad7693a885dc9ec843d9f..b61590e9e4b581c31c1a89d497bd85970655f432 100644 (file)
--- a/core/setup.php
+++ b/core/setup.php
@@ -18,6 +18,10 @@ $hasPostgreSQL = is_callable('pg_connect');
  $hasOracle = is_callable('oci_connect');
  $hasMSSQL = is_callable('sqlsrv_connect');
  $datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
+$vulnerableToNullByte = false;
+if(file_exists(__FILE__."\0Nullbyte")) { // Check if the used PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)
+       $vulnerableToNullByte = true;
+} 
  
  // Protect data directory here, so we can test if the protection is working
  OC_Setup::protectDataDirectory();
@@ -31,6 +35,7 @@ $opts = array(
         'directory' => $datadir,
         'secureRNG' => OC_Util::secureRNG_available(),
         'htaccessWorking' => OC_Util::ishtaccessworking(),
+       'vulnerableToNullByte' => $vulnerableToNullByte,
         'errors' => array(),
  );
author	Lukas Reschke <lukas@statuscode.ch>
	Wed, 20 Mar 2013 07:43:54 +0000 (08:43 +0100)
committer	VicDeo <victor.dubiniuk@gmail.com>
	Sun, 31 Mar 2013 12:51:12 +0000 (16:51 +0400)