diff options
author | xue <> | 2006-02-18 02:25:34 +0000 |
---|---|---|
committer | xue <> | 2006-02-18 02:25:34 +0000 |
commit | 8b9a5c2f0d5025e29a5477ea8cc8937db49b0341 (patch) | |
tree | 938ad05685a430d344e3bf1957f5d3ccd0d1e9ce /framework/Web/UI/WebControls/THtmlArea.php | |
parent | cba0c1b472cec22e4ffed2b3b084bea27cd26582 (diff) |
Fixed a security issue about usage of Prado::getPathOfNamespace.
Diffstat (limited to 'framework/Web/UI/WebControls/THtmlArea.php')
-rw-r--r-- | framework/Web/UI/WebControls/THtmlArea.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/framework/Web/UI/WebControls/THtmlArea.php b/framework/Web/UI/WebControls/THtmlArea.php index d858a90f..1801e739 100644 --- a/framework/Web/UI/WebControls/THtmlArea.php +++ b/framework/Web/UI/WebControls/THtmlArea.php @@ -284,6 +284,8 @@ class THtmlArea extends TTextBox {
$tarfile = Prado::getPathOfNamespace('System.3rdParty.TinyMCE.tiny_mce', '.tar');
$md5sum = Prado::getPathOfNamespace('System.3rdParty.TinyMCE.tiny_mce', '.md5');
+ if($tarfile===null || $md5sum===null)
+ throw new TConfigurationException('htmlarea_tarfile_invalid');
return $this->getApplication()->getAssetManager()->publishTarFile($tarfile, $md5sum);
}
|