From 8b9a5c2f0d5025e29a5477ea8cc8937db49b0341 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Sat, 18 Feb 2006 02:25:34 +0000
Subject: Fixed a security issue about usage of Prado::getPathOfNamespace.

---
 framework/Web/UI/WebControls/THtmlArea.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'framework/Web/UI/WebControls/THtmlArea.php')

diff --git a/framework/Web/UI/WebControls/THtmlArea.php b/framework/Web/UI/WebControls/THtmlArea.php
index d858a90f..1801e739 100644
--- a/framework/Web/UI/WebControls/THtmlArea.php
+++ b/framework/Web/UI/WebControls/THtmlArea.php
@@ -284,6 +284,8 @@ class THtmlArea extends TTextBox
 	{
 		$tarfile = Prado::getPathOfNamespace('System.3rdParty.TinyMCE.tiny_mce', '.tar');
 		$md5sum = Prado::getPathOfNamespace('System.3rdParty.TinyMCE.tiny_mce', '.md5');
+		if($tarfile===null || $md5sum===null)
+			throw new TConfigurationException('htmlarea_tarfile_invalid');
 		return $this->getApplication()->getAssetManager()->publishTarFile($tarfile, $md5sum);
 	}
 
-- 
cgit v1.2.3