diff options
| author | Michael Gapczynski <GapczynskiM@gmail.com> | 2012-05-10 11:43:45 -0400 |
|---|---|---|
| committer | Michael Gapczynski <GapczynskiM@gmail.com> | 2012-05-10 11:44:06 -0400 |
| commit | de95bf62a2e1f82ef2d496f8cf5727aa094b53f7 (patch) | |
| tree | 4fd03bbab2aa9595151abdfde5b8c0f933615e48 /lib | |
| parent | 3c6c8ecab0cd41b4878dba4275a4187011831bab (diff) | |
| download | nextcloud-server-de95bf62a2e1f82ef2d496f8cf5727aa094b53f7.tar.gz nextcloud-server-de95bf62a2e1f82ef2d496f8cf5727aa094b53f7.zip | |
Prevent any null bytes related exploits, thanks to Lukas Reschke
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/base.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/base.php b/lib/base.php index 14f2439ecbd..a874a604707 100644 --- a/lib/base.php +++ b/lib/base.php @@ -424,7 +424,7 @@ class OC{ register_shutdown_function(array('OC_Helper','cleanTmp')); //parse the given parameters - self::$REQUESTEDAPP = (isset($_GET['app'])?strip_tags($_GET['app']):'files'); + self::$REQUESTEDAPP = (isset($_GET['app'])?str_replace('\0', '', strip_tags($_GET['app'])):'files'); if(substr_count(self::$REQUESTEDAPP, '?') != 0){ $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?')); $param = substr(self::$REQUESTEDAPP, strpos(self::$REQUESTEDAPP, '?') + 1); |