diff options
| author | xue <> | 2006-02-18 02:25:34 +0000 |
|---|---|---|
| committer | xue <> | 2006-02-18 02:25:34 +0000 |
| commit | 8b9a5c2f0d5025e29a5477ea8cc8937db49b0341 (patch) | |
| tree | 938ad05685a430d344e3bf1957f5d3ccd0d1e9ce /framework/Web/Services/TPageService.php | |
| parent | cba0c1b472cec22e4ffed2b3b084bea27cd26582 (diff) | |
Fixed a security issue about usage of Prado::getPathOfNamespace.
Diffstat (limited to 'framework/Web/Services/TPageService.php')
| -rw-r--r-- | framework/Web/Services/TPageService.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/framework/Web/Services/TPageService.php b/framework/Web/Services/TPageService.php index bb80b902..09f1027e 100644 --- a/framework/Web/Services/TPageService.php +++ b/framework/Web/Services/TPageService.php @@ -401,8 +401,9 @@ class TPageService extends TService {
if($this->_initialized)
throw new TInvalidOperationException('pageservice_basepath_unchangeable');
- else if(($this->_basePath=realpath(Prado::getPathOfNamespace($value)))===false || !is_dir($this->_basePath))
+ else if(($path=Prado::getPathOfNamespace($value))===null || !is_dir($path))
throw new TConfigurationException('pageservice_basepath_invalid',$value);
+ $this->_basePath=realpath($path);
}
/**
|