From 8b9a5c2f0d5025e29a5477ea8cc8937db49b0341 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Sat, 18 Feb 2006 02:25:34 +0000
Subject: Fixed a security issue about usage of Prado::getPathOfNamespace.

---
 framework/Web/UI/WebControls/TDatePicker.php | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

(limited to 'framework/Web/UI/WebControls/TDatePicker.php')

diff --git a/framework/Web/UI/WebControls/TDatePicker.php b/framework/Web/UI/WebControls/TDatePicker.php
index 6f5eaffb..fd280938 100644
--- a/framework/Web/UI/WebControls/TDatePicker.php
+++ b/framework/Web/UI/WebControls/TDatePicker.php
@@ -329,8 +329,10 @@ class TDatePicker extends TTextBox
 	{
 		$cs = $this->getPage()->getClientScript();
 		$image = 'System.Web.Javascripts.datepicker.calendar';
-		$file =  Prado::getPathOfNamespace($image, '.png');
-		return $this->publishFilePath($file);
+		if(($file =  Prado::getPathOfNamespace($image, '.png'))!==null)
+			return $this->publishFilePath($file);
+		else
+			throw new TConfigurationException('datepicker_defaultbuttonimage_invalid',$image);
 	}
 
 	/**
@@ -341,11 +343,15 @@ class TDatePicker extends TTextBox
 	{
 		$cs = $this->getPage()->getClientScript();
 		$style = 'System.Web.Javascripts.datepicker.'.$this->getCalendarStyle();
-		$cssFile=Prado::getPathOfNamespace($style,'.css');
-		$url = $this->publishFilePath($cssFile);
-		if(!$cs->isStyleSheetFileRegistered($style))
-			$cs->registerStyleSheetFile($style, $url);
-		return $url;
+		if(($cssFile=Prado::getPathOfNamespace($style,'.css'))!==null)
+		{
+			$url = $this->publishFilePath($cssFile);
+			if(!$cs->isStyleSheetFileRegistered($style))
+				$cs->registerStyleSheetFile($style, $url);
+			return $url;
+		}
+		else
+			throw new TConfigurationException('datepicker_calendarstyle_invalid',$style);
 	}
 
 	/**
-- 
cgit v1.2.3