diff options
| author | xue <> | 2006-02-18 02:25:34 +0000 |
|---|---|---|
| committer | xue <> | 2006-02-18 02:25:34 +0000 |
| commit | 8b9a5c2f0d5025e29a5477ea8cc8937db49b0341 (patch) | |
| tree | 938ad05685a430d344e3bf1957f5d3ccd0d1e9ce /framework/Web/UI/WebControls/TDatePicker.php | |
| parent | cba0c1b472cec22e4ffed2b3b084bea27cd26582 (diff) | |
Fixed a security issue about usage of Prado::getPathOfNamespace.
Diffstat (limited to 'framework/Web/UI/WebControls/TDatePicker.php')
| -rw-r--r-- | framework/Web/UI/WebControls/TDatePicker.php | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/framework/Web/UI/WebControls/TDatePicker.php b/framework/Web/UI/WebControls/TDatePicker.php index 6f5eaffb..fd280938 100644 --- a/framework/Web/UI/WebControls/TDatePicker.php +++ b/framework/Web/UI/WebControls/TDatePicker.php @@ -329,8 +329,10 @@ class TDatePicker extends TTextBox {
$cs = $this->getPage()->getClientScript();
$image = 'System.Web.Javascripts.datepicker.calendar';
- $file = Prado::getPathOfNamespace($image, '.png');
- return $this->publishFilePath($file);
+ if(($file = Prado::getPathOfNamespace($image, '.png'))!==null)
+ return $this->publishFilePath($file);
+ else
+ throw new TConfigurationException('datepicker_defaultbuttonimage_invalid',$image);
}
/**
@@ -341,11 +343,15 @@ class TDatePicker extends TTextBox {
$cs = $this->getPage()->getClientScript();
$style = 'System.Web.Javascripts.datepicker.'.$this->getCalendarStyle();
- $cssFile=Prado::getPathOfNamespace($style,'.css');
- $url = $this->publishFilePath($cssFile);
- if(!$cs->isStyleSheetFileRegistered($style))
- $cs->registerStyleSheetFile($style, $url);
- return $url;
+ if(($cssFile=Prado::getPathOfNamespace($style,'.css'))!==null)
+ {
+ $url = $this->publishFilePath($cssFile);
+ if(!$cs->isStyleSheetFileRegistered($style))
+ $cs->registerStyleSheetFile($style, $url);
+ return $url;
+ }
+ else
+ throw new TConfigurationException('datepicker_calendarstyle_invalid',$style);
}
/**
|