diff options
| author | VicDeo <victor.dubiniuk@gmail.com> | 2013-03-31 06:10:47 -0700 |
|---|---|---|
| committer | VicDeo <victor.dubiniuk@gmail.com> | 2013-03-31 06:10:47 -0700 |
| commit | e1b6574ce72db4fd398fb72f9e21ec766b7897eb (patch) | |
| tree | 32e308e41213e6ac1a8c743d022eb7398a91b245 | |
| parent | b9213cf451cf694ba3b2e7a89f3ff4377198e4e7 (diff) | |
| parent | c16860e648860b37b5a1b56c3f2cfb663eff61cf (diff) | |
| download | nextcloud-server-5.0.1.tar.gz nextcloud-server-5.0.1.zip | |
Merge pull request #2625 from owncloud/fix_namespace_in_autoloader_stable5v5.0.1
Fix namespace in autoloader stable5
| -rw-r--r-- | core/setup.php | 5 | ||||
| -rw-r--r-- | core/templates/installation.php | 7 | ||||
| -rw-r--r-- | lib/base.php | 2 | ||||
| -rw-r--r-- | tests/lib/autoloader.php | 19 |
4 files changed, 33 insertions, 0 deletions
diff --git a/core/setup.php b/core/setup.php index 77eed5376d6..b61590e9e4b 100644 --- a/core/setup.php +++ b/core/setup.php @@ -18,6 +18,10 @@ $hasPostgreSQL = is_callable('pg_connect'); $hasOracle = is_callable('oci_connect'); $hasMSSQL = is_callable('sqlsrv_connect'); $datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data'); +$vulnerableToNullByte = false; +if(file_exists(__FILE__."\0Nullbyte")) { // Check if the used PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243) + $vulnerableToNullByte = true; +} // Protect data directory here, so we can test if the protection is working OC_Setup::protectDataDirectory(); @@ -31,6 +35,7 @@ $opts = array( 'directory' => $datadir, 'secureRNG' => OC_Util::secureRNG_available(), 'htaccessWorking' => OC_Util::ishtaccessworking(), + 'vulnerableToNullByte' => $vulnerableToNullByte, 'errors' => array(), ); diff --git a/core/templates/installation.php b/core/templates/installation.php index 842686932c7..c70903cba55 100644 --- a/core/templates/installation.php +++ b/core/templates/installation.php @@ -19,6 +19,13 @@ <?php endforeach; ?> </ul> <?php endif; ?> + <?php if($_['vulnerableToNullByte']): ?> + <fieldset class="warning"> + <legend><strong><?php p($l->t('Security Warning'));?></strong></legend> + <p><?php p($l->t('Your PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)'));?><br/> + <?php p($l->t('Please update your PHP installation to use ownCloud securely.'));?></p> + </fieldset> + <?php endif; ?> <?php if(!$_['secureRNG']): ?> <fieldset class="warning"> <legend><strong><?php p($l->t('Security Warning'));?></strong></legend> diff --git a/lib/base.php b/lib/base.php index 0d33dbb163e..76ad0654ed0 100644 --- a/lib/base.php +++ b/lib/base.php @@ -78,6 +78,8 @@ class OC { * SPL autoload */ public static function autoload($className) { + $className = trim($className, '\\'); + if (array_key_exists($className, OC::$CLASSPATH)) { $path = OC::$CLASSPATH[$className]; /** @TODO: Remove this when necessary diff --git a/tests/lib/autoloader.php b/tests/lib/autoloader.php new file mode 100644 index 00000000000..e769bf3bcf6 --- /dev/null +++ b/tests/lib/autoloader.php @@ -0,0 +1,19 @@ +<?php +/** + * Copyright (c) 2013 Thomas Müller <thomas.mueller@tmit.eu> + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +class Test_AutoLoader extends PHPUnit_Framework_TestCase { + + public function testLeadingSlashOnClassName(){ + $this->assertTrue(class_exists('\OC\Files\Storage\Local')); + } + + public function testNoLeadingSlashOnClassName(){ + $this->assertTrue(class_exists('OC\Files\Storage\Local')); + } + +} |