Skip to content

Instantly share code, notes, and snippets.

@nickvergessen
Created November 14, 2018 13:37
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save nickvergessen/b070db9acee75dfbf25f160c8a4710b0 to your computer and use it in GitHub Desktop.
Save nickvergessen/b070db9acee75dfbf25f160c8a4710b0 to your computer and use it in GitHub Desktop.
<?php
/**
FAILS
*
* Your webserver seems to be not configured to use PHP or PHP is not installed.
* Please contact your administrator or follow our documentation:
* https://docs.nextcloud.com/server/13/admin_manual/installation/source_installation.html
*
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
* @author Georg Ehrke <oc.list@georgehrke.com>
* @author Joas Schilling <coding@schilljs.com>
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
* @author Lukas Reschke <lukas@statuscode.ch>
* @author Morris Jobke <hey@morrisjobke.de>
* @author Robin Appelman <robin@icewind.nl>
* @author Sergio Bertolín <sbertolin@solidgear.es>
* @author Thomas Müller <thomas.mueller@tmit.eu>
* @author Vincent Petry <pvince81@owncloud.com>
*
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
require_once __DIR__ . '/lib/versioncheck.php';
try {
require_once __DIR__ . '/lib/base.php';
$qb = \OC::$server->getDatabaseConnection()->getQueryBuilder();
$result = $qb->select('*')
->from('authtoken')
->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
->execute();
\OC\Log\ErrorHandler::onAll(12, '$message', '$file', 23);
} catch(\Exception $ex) {
}
@nickvergessen
Copy link
Author

Okay, this is really fucked somehow,

$qb->createNamedParameter($token) throws an Undefined variable (obviously) and then inside createNamedParameter the parameters are null, null, null
With $qb->createNamedParameter('$token') the parameters are '$token', 2, null
Which is clearly a PHP bug, but isolated I can not reproduce:

<?php
interface Bar {
    
	const DEF = \PDO::PARAM_STR;
}

class Foo implements Bar {
	public function a($c, $b = self::DEF, $a = null) {
	    var_dump($b);
	}
}

$a = new Foo();
$a->a($c);
Notice: Undefined variable: c in /in/schuM on line 14
int(2) 

Why those error messages cause a segfault is a whole different story

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment