mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Prevent any null bytes related exploits, thanks to Lukas Reschke

This commit is contained in:
Michael Gapczynski 2012-05-10 11:43:45 -04:00
parent 3c6c8ecab0
commit de95bf62a2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/base.php
View File

@ -424,7 +424,7 @@ class OC{
register_shutdown_function(array('OC_Helper','cleanTmp')); register_shutdown_function(array('OC_Helper','cleanTmp'));
//parse the given parameters //parse the given parameters
self::$REQUESTEDAPP = (isset($_GET['app'])?strip_tags($_GET['app']):'files'); self::$REQUESTEDAPP = (isset($_GET['app'])?str_replace('\0', '', strip_tags($_GET['app'])):'files');
if(substr_count(self::$REQUESTEDAPP, '?') != 0){ if(substr_count(self::$REQUESTEDAPP, '?') != 0){
$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?')); $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
$param = substr(self::$REQUESTEDAPP, strpos(self::$REQUESTEDAPP, '?') + 1); $param = substr(self::$REQUESTEDAPP, strpos(self::$REQUESTEDAPP, '?') + 1);