From d4a492d321a20b7313434cb70e307f5e84f60726 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Wed, 20 Mar 2013 08:44:33 +0100
Subject: [PATCH] Show a warning in the installer if the used PHP version is
 vulnerable to the NULL Byte attack

---
 core/templates/installation.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/core/templates/installation.php b/core/templates/installation.php
index 842686932c7..c70903cba55 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -19,6 +19,13 @@
 		<?php endforeach; ?>
 	</ul>
 	<?php endif; ?>
+	<?php if($_['vulnerableToNullByte']): ?>
+	<fieldset class="warning">
+		<legend><strong><?php p($l->t('Security Warning'));?></strong></legend>
+		<p><?php p($l->t('Your PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)'));?><br/>
+		<?php p($l->t('Please update your PHP installation to use ownCloud securely.'));?></p>
+	</fieldset>
+	<?php endif; ?>
 	<?php if(!$_['secureRNG']): ?>
 	<fieldset class="warning">
 		<legend><strong><?php p($l->t('Security Warning'));?></strong></legend>
-- 
2.39.5