From: Lukas Reschke <lukas@statuscode.ch>
Date: Wed, 20 Mar 2013 07:44:33 +0000 (+0100)
Subject: Show a warning in the installer if the used PHP version is vulnerable to the NULL... 
X-Git-Tag: v6.0.0alpha2~1027^2~1
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=68d55648d5904a86d21fb5258684687a31929011;p=nextcloud-server.git

Show a warning in the installer if the used PHP version is vulnerable to the NULL Byte attack
---

diff --git a/core/templates/installation.php b/core/templates/installation.php
index 842686932c7..c70903cba55 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -19,6 +19,13 @@
 		<?php endforeach; ?>
 	</ul>
 	<?php endif; ?>
+	<?php if($_['vulnerableToNullByte']): ?>
+	<fieldset class="warning">
+		<legend><strong><?php p($l->t('Security Warning'));?></strong></legend>
+		<p><?php p($l->t('Your PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)'));?><br/>
+		<?php p($l->t('Please update your PHP installation to use ownCloud securely.'));?></p>
+	</fieldset>
+	<?php endif; ?>
 	<?php if(!$_['secureRNG']): ?>
 	<fieldset class="warning">
 		<legend><strong><?php p($l->t('Security Warning'));?></strong></legend>