diff --git a/core/setup.php b/core/setup.php
index 77eed5376d6ccc10961ad7693a885dc9ec843d9f..b61590e9e4b581c31c1a89d497bd85970655f432 100644
--- a/core/setup.php
+++ b/core/setup.php
@@ -18,6 +18,10 @@ $hasPostgreSQL = is_callable('pg_connect');
 $hasOracle = is_callable('oci_connect');
 $hasMSSQL = is_callable('sqlsrv_connect');
 $datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data');
+$vulnerableToNullByte = false;
+if(file_exists(__FILE__."\0Nullbyte")) { // Check if the used PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)
+	$vulnerableToNullByte = true;
+} 
 
 // Protect data directory here, so we can test if the protection is working
 OC_Setup::protectDataDirectory();
@@ -31,6 +35,7 @@ $opts = array(
 	'directory' => $datadir,
 	'secureRNG' => OC_Util::secureRNG_available(),
 	'htaccessWorking' => OC_Util::ishtaccessworking(),
+	'vulnerableToNullByte' => $vulnerableToNullByte,
 	'errors' => array(),
 );
 
diff --git a/core/templates/installation.php b/core/templates/installation.php
index 842686932c77f92947ea63b8c32a635027cc0539..c70903cba552ae4f3a3d2c6f3ba37be830161fe1 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -19,6 +19,13 @@
 		<?php endforeach; ?>
 	</ul>
 	<?php endif; ?>
+	<?php if($_['vulnerableToNullByte']): ?>
+	<fieldset class="warning">
+		<legend><strong><?php p($l->t('Security Warning'));?></strong></legend>
+		<p><?php p($l->t('Your PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)'));?><br/>
+		<?php p($l->t('Please update your PHP installation to use ownCloud securely.'));?></p>
+	</fieldset>
+	<?php endif; ?>
 	<?php if(!$_['secureRNG']): ?>
 	<fieldset class="warning">
 		<legend><strong><?php p($l->t('Security Warning'));?></strong></legend>
diff --git a/lib/base.php b/lib/base.php
index 0d33dbb163e5cdef5e14a557015fe0cd7662e2af..76ad0654ed091c6d812b30379868579f0309ece4 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -78,6 +78,8 @@ class OC {
 	 * SPL autoload
 	 */
 	public static function autoload($className) {
+		$className = trim($className, '\\');
+		
 		if (array_key_exists($className, OC::$CLASSPATH)) {
 			$path = OC::$CLASSPATH[$className];
 			/** @TODO: Remove this when necessary
diff --git a/tests/lib/autoloader.php b/tests/lib/autoloader.php
new file mode 100644
index 0000000000000000000000000000000000000000..e769bf3bcf6950e1ee043f3b6552a137e6f8eb57
--- /dev/null
+++ b/tests/lib/autoloader.php
@@ -0,0 +1,19 @@
+<?php
+/**
+ * Copyright (c) 2013 Thomas Müller <thomas.mueller@tmit.eu>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+class Test_AutoLoader extends PHPUnit_Framework_TestCase {
+
+	public function testLeadingSlashOnClassName(){
+		$this->assertTrue(class_exists('\OC\Files\Storage\Local'));
+	}
+
+	public function testNoLeadingSlashOnClassName(){
+		$this->assertTrue(class_exists('OC\Files\Storage\Local'));
+	}
+
+}