Check if the installed PHP version has a fix for the nullbyte vulnerability
This commit is contained in:
parent
5750dc9833
commit
dc41cf081c
|
@ -18,6 +18,10 @@ $hasPostgreSQL = is_callable('pg_connect');
|
||||||
$hasOracle = is_callable('oci_connect');
|
$hasOracle = is_callable('oci_connect');
|
||||||
$hasMSSQL = is_callable('sqlsrv_connect');
|
$hasMSSQL = is_callable('sqlsrv_connect');
|
||||||
$datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
|
$datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
|
||||||
|
$vulnerableToNullByte = false;
|
||||||
|
if(file_exists(__FILE__."\0Nullbyte")) { // Check if the used PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)
|
||||||
|
$vulnerableToNullByte = true;
|
||||||
|
}
|
||||||
|
|
||||||
// Protect data directory here, so we can test if the protection is working
|
// Protect data directory here, so we can test if the protection is working
|
||||||
OC_Setup::protectDataDirectory();
|
OC_Setup::protectDataDirectory();
|
||||||
|
@ -31,6 +35,7 @@ $opts = array(
|
||||||
'directory' => $datadir,
|
'directory' => $datadir,
|
||||||
'secureRNG' => OC_Util::secureRNG_available(),
|
'secureRNG' => OC_Util::secureRNG_available(),
|
||||||
'htaccessWorking' => OC_Util::ishtaccessworking(),
|
'htaccessWorking' => OC_Util::ishtaccessworking(),
|
||||||
|
'vulnerableToNullByte' => $vulnerableToNullByte,
|
||||||
'errors' => array(),
|
'errors' => array(),
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue