From de95bf62a2e1f82ef2d496f8cf5727aa094b53f7 Mon Sep 17 00:00:00 2001
From: Michael Gapczynski
Date: Thu, 10 May 2012 11:43:45 -0400
Subject: [PATCH] Prevent any null bytes related exploits, thanks to Lukas Reschke
---
 lib/base.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/base.php b/lib/base.php
index 14f2439ecbd..a874a604707 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -424,7 +424,7 @@ class OC{
 register_shutdown_function(array('OC_Helper','cleanTmp'));
 //parse the given parameters
- self::$REQUESTEDAPP = (isset($_GET['app'])?strip_tags($_GET['app']):'files');
+ self::$REQUESTEDAPP = (isset($_GET['app'])?str_replace('\0', '', strip_tags($_GET['app'])):'files');
 if(substr_count(self::$REQUESTEDAPP, '?') != 0){
 $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
 $param = substr(self::$REQUESTEDAPP, strpos(self::$REQUESTEDAPP, '?') + 1);
--
2.39.5
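Review bot: The added `str_replace('\0', '', …)` on the `self::$REQUESTEDAPP` assignment does not remove NUL bytes, because PHP does not interpret `\0` inside a single-quoted string; the search value is the two characters backslash and zero, so a raw NUL in `$_GET['app']` is left untouched by this call. Use a double-quoted literal instead: `str_replace("\0", '', strip_tags($_GET['app']))` (or `chr(0)` as the search value). The PHP manual describes `strip_tags()` as also dropping NUL bytes, so the value may already be covered in practice, but the new call should not claim a protection it does not provide. If `REQUESTEDAPP` is later used to build a file path (not visible in this hunk), validating it against the set of installed app names would be sturdier than removing individual characters. The enclosing method starts and ends outside the hunk.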