From: Lukas Reschke <lukas@statuscode.ch>
Date: Wed, 20 Mar 2013 07:43:54 +0000 (+0100)
Subject: Check if the installed PHP version has a fix for the nullbyte vulnerability
X-Git-Tag: v6.0.0alpha2~1027^2~2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=dc41cf081cac227f0d73b56542fa6295285e170c;p=nextcloud-server.git

Check if the installed PHP version has a fix for the nullbyte vulnerability
---

diff --git a/core/setup.php b/core/setup.php
index 77eed5376d6..b61590e9e4b 100644
--- a/core/setup.php
+++ b/core/setup.php
@@ -18,6 +18,10 @@ $hasPostgreSQL = is_callable('pg_connect');
 $hasOracle = is_callable('oci_connect');
 $hasMSSQL = is_callable('sqlsrv_connect');
 $datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
+$vulnerableToNullByte = false;
+if(file_exists(__FILE__."\0Nullbyte")) { // Check if the used PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)
+	$vulnerableToNullByte = true;
+} 
 
 // Protect data directory here, so we can test if the protection is working
 OC_Setup::protectDataDirectory();
@@ -31,6 +35,7 @@ $opts = array(
 	'directory' => $datadir,
 	'secureRNG' => OC_Util::secureRNG_available(),
 	'htaccessWorking' => OC_Util::ishtaccessworking(),
+	'vulnerableToNullByte' => $vulnerableToNullByte,
 	'errors' => array(),
 );