diff options
| author | xue <> | 2006-02-18 02:25:34 +0000 |
|---|---|---|
| committer | xue <> | 2006-02-18 02:25:34 +0000 |
| commit | 8b9a5c2f0d5025e29a5477ea8cc8937db49b0341 (patch) | |
| tree | 938ad05685a430d344e3bf1957f5d3ccd0d1e9ce /framework/Web/UI/WebControls/TRatingList.php | |
| parent | cba0c1b472cec22e4ffed2b3b084bea27cd26582 (diff) | |
Fixed a security issue about usage of Prado::getPathOfNamespace.
Diffstat (limited to 'framework/Web/UI/WebControls/TRatingList.php')
| -rw-r--r-- | framework/Web/UI/WebControls/TRatingList.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/framework/Web/UI/WebControls/TRatingList.php b/framework/Web/UI/WebControls/TRatingList.php index 3c5a9279..4302c3b3 100644 --- a/framework/Web/UI/WebControls/TRatingList.php +++ b/framework/Web/UI/WebControls/TRatingList.php @@ -158,7 +158,8 @@ class TRatingListDefaultStyle extends TRatingListStyle public function getStyleSheet()
{
$style = 'System.Web.Javascripts.ratings.default';
- $cssFile=Prado::getPathOfNamespace($style,'.css');
+ if(($cssFile=Prado::getPathOfNamespace($style,'.css'))===null)
+ throw new TConfigurationException('ratinglist_stylesheet_invalid',$style);
return $cssFile;
}
@@ -166,7 +167,9 @@ class TRatingListDefaultStyle extends TRatingListStyle {
$assets = array();
$image = 'System.Web.Javascripts.ratings.10star_white';
- $assets[] = Prado::getPathOfNamespace($image, '.gif');
+ if(($file=Prado::getPathOfNamespace($image, '.gif'))===null)
+ throw TConfigurationException('ratinglist_asset_invalid',$image);
+ $assets[] = $file;
return $assets;
}
}
|