Show a warning in the installer if the used PHP version is vulnerable to the NULL Byte attack

2013-03-20 08:44:33 +01:00 · 2013-03-20 08:44:33 +01:00 · 68d55648d5
commit 68d55648d5
parent dc41cf081c
1 changed files with 7 additions and 0 deletions
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@ -19,6 +19,13 @@
 		<?php endforeach; ?>
 	</ul>
 	<?php endif; ?>
+	<?php if($_['vulnerableToNullByte']): ?>
+	<fieldset class="warning">
+		<legend><strong><?php p($l->t('Security Warning'));?></strong></legend>
+		<p><?php p($l->t('Your PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)'));?><br/>
+		<?php p($l->t('Please update your PHP installation to use ownCloud securely.'));?></p>
+	</fieldset>
+	<?php endif; ?>
 	<?php if(!$_['secureRNG']): ?>
 	<fieldset class="warning">
 		<legend><strong><?php p($l->t('Security Warning'));?></strong></legend>