From 8b9a5c2f0d5025e29a5477ea8cc8937db49b0341 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Sat, 18 Feb 2006 02:25:34 +0000
Subject: Fixed a security issue about usage of Prado::getPathOfNamespace.

---
 framework/Web/UI/WebControls/TRatingList.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'framework/Web/UI/WebControls/TRatingList.php')

diff --git a/framework/Web/UI/WebControls/TRatingList.php b/framework/Web/UI/WebControls/TRatingList.php
index 3c5a9279..4302c3b3 100644
--- a/framework/Web/UI/WebControls/TRatingList.php
+++ b/framework/Web/UI/WebControls/TRatingList.php
@@ -158,7 +158,8 @@ class TRatingListDefaultStyle extends TRatingListStyle
 	public function getStyleSheet()
 	{
 		$style = 'System.Web.Javascripts.ratings.default';
-		$cssFile=Prado::getPathOfNamespace($style,'.css');
+		if(($cssFile=Prado::getPathOfNamespace($style,'.css'))===null)
+			throw new TConfigurationException('ratinglist_stylesheet_invalid',$style);
 		return $cssFile;
 	}
 
@@ -166,7 +167,9 @@ class TRatingListDefaultStyle extends TRatingListStyle
 	{
 		$assets = array();
 		$image = 'System.Web.Javascripts.ratings.10star_white';
-		$assets[] =  Prado::getPathOfNamespace($image, '.gif');
+		if(($file=Prado::getPathOfNamespace($image, '.gif'))===null)
+			throw TConfigurationException('ratinglist_asset_invalid',$image);
+		$assets[] =  $file;
 		return $assets;
 	}
 }
-- 
cgit v1.2.3