Prevent any null bytes related exploits, thanks to Lukas Reschke

de95bf62 · Michael Gapczynski · 3c6c8eca · de95bf62
Commit de95bf62 authored 12 years ago by Michael Gapczynski
--- a/lib/base.php
+++ b/lib/base.php
@@ -424,7 +424,7 @@ class OC{
 		register_shutdown_function(array('OC_Helper','cleanTmp'));
 		
 		//parse the given parameters
-		self::$REQUESTEDAPP = (isset($_GET['app'])?strip_tags($_GET['app']):'files');
+		self::$REQUESTEDAPP = (isset($_GET['app'])?str_replace('\0', '', strip_tags($_GET['app'])):'files');
 		if(substr_count(self::$REQUESTEDAPP, '?') != 0){
 			$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
 			$param = substr(self::$REQUESTEDAPP, strpos(self::$REQUESTEDAPP, '?') + 1);