Mirrors/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2024-08-10 14:11:53 +02:00
Code Issues Actions 34 Packages Projects Releases Wiki Activity

Check if the installed PHP version has a fix for the nullbyte vulnerability

Browse Source
This commit is contained in:
Lukas Reschke 2013-03-20 08:43:54 +01:00
parent 5750dc9833
commit dc41cf081c
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/setup.php
View File

@ -18,6 +18,10 @@ $hasPostgreSQL = is_callable('pg_connect');
$hasOracle = is_callable('oci_connect');
$hasMSSQL = is_callable('sqlsrv_connect');
$datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
$vulnerableToNullByte = false;
if(file_exists(__FILE__."\0Nullbyte")) { // Check if the used PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)
$vulnerableToNullByte = true;
}
// Protect data directory here, so we can test if the protection is working
OC_Setup::protectDataDirectory();
@ -31,6 +35,7 @@ $opts = array(
'directory' => $datadir,
'secureRNG' => OC_Util::secureRNG_available(),
'htaccessWorking' => OC_Util::ishtaccessworking(),
'vulnerableToNullByte' => $vulnerableToNullByte,
'errors' => array(),
);