From 8b9a5c2f0d5025e29a5477ea8cc8937db49b0341 Mon Sep 17 00:00:00 2001 From: xue <> Date: Sat, 18 Feb 2006 02:25:34 +0000 Subject: Fixed a security issue about usage of Prado::getPathOfNamespace. --- framework/Web/Services/TPageService.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'framework/Web/Services') diff --git a/framework/Web/Services/TPageService.php b/framework/Web/Services/TPageService.php index bb80b902..09f1027e 100644 --- a/framework/Web/Services/TPageService.php +++ b/framework/Web/Services/TPageService.php @@ -401,8 +401,9 @@ class TPageService extends TService { if($this->_initialized) throw new TInvalidOperationException('pageservice_basepath_unchangeable'); - else if(($this->_basePath=realpath(Prado::getPathOfNamespace($value)))===false || !is_dir($this->_basePath)) + else if(($path=Prado::getPathOfNamespace($value))===null || !is_dir($path)) throw new TConfigurationException('pageservice_basepath_invalid',$value); + $this->_basePath=realpath($path); } /** -- cgit v1.2.3