summaryrefslogtreecommitdiff
path: root/framework/Web/UI/WebControls/THtmlArea.php
diff options
context:
space:
mode:
authorxue <>2006-02-18 02:25:34 +0000
committerxue <>2006-02-18 02:25:34 +0000
commit8b9a5c2f0d5025e29a5477ea8cc8937db49b0341 (patch)
tree938ad05685a430d344e3bf1957f5d3ccd0d1e9ce /framework/Web/UI/WebControls/THtmlArea.php
parentcba0c1b472cec22e4ffed2b3b084bea27cd26582 (diff)
Fixed a security issue about usage of Prado::getPathOfNamespace.
Diffstat (limited to 'framework/Web/UI/WebControls/THtmlArea.php')
-rw-r--r--framework/Web/UI/WebControls/THtmlArea.php2
1 files changed, 2 insertions, 0 deletions
diff --git a/framework/Web/UI/WebControls/THtmlArea.php b/framework/Web/UI/WebControls/THtmlArea.php
index d858a90f..1801e739 100644
--- a/framework/Web/UI/WebControls/THtmlArea.php
+++ b/framework/Web/UI/WebControls/THtmlArea.php
@@ -284,6 +284,8 @@ class THtmlArea extends TTextBox
{
$tarfile = Prado::getPathOfNamespace('System.3rdParty.TinyMCE.tiny_mce', '.tar');
$md5sum = Prado::getPathOfNamespace('System.3rdParty.TinyMCE.tiny_mce', '.md5');
+ if($tarfile===null || $md5sum===null)
+ throw new TConfigurationException('htmlarea_tarfile_invalid');
return $this->getApplication()->getAssetManager()->publishTarFile($tarfile, $md5sum);
}