diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2013-03-20 08:43:54 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2013-03-20 08:43:54 +0100 |
| commit | dc41cf081cac227f0d73b56542fa6295285e170c (patch) | |
| tree | c658be1089d71608de49eb95956cafe87a4c0e44 /core/setup.php | |
| parent | 5750dc9833be45bd94ae95dfd1c61a79a7d33058 (diff) | |
| download | nextcloud-server-dc41cf081cac227f0d73b56542fa6295285e170c.tar.gz nextcloud-server-dc41cf081cac227f0d73b56542fa6295285e170c.zip | |
Check if the installed PHP version has a fix for the nullbyte vulnerability
Diffstat (limited to 'core/setup.php')
| -rw-r--r-- | core/setup.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/core/setup.php b/core/setup.php index 77eed5376d6..b61590e9e4b 100644 --- a/core/setup.php +++ b/core/setup.php @@ -18,6 +18,10 @@ $hasPostgreSQL = is_callable('pg_connect'); $hasOracle = is_callable('oci_connect'); $hasMSSQL = is_callable('sqlsrv_connect'); $datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data'); +$vulnerableToNullByte = false; +if(file_exists(__FILE__."\0Nullbyte")) { // Check if the used PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243) + $vulnerableToNullByte = true; +} // Protect data directory here, so we can test if the protection is working OC_Setup::protectDataDirectory(); @@ -31,6 +35,7 @@ $opts = array( 'directory' => $datadir, 'secureRNG' => OC_Util::secureRNG_available(), 'htaccessWorking' => OC_Util::ishtaccessworking(), + 'vulnerableToNullByte' => $vulnerableToNullByte, 'errors' => array(), ); |