From 8b9a5c2f0d5025e29a5477ea8cc8937db49b0341 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Sat, 18 Feb 2006 02:25:34 +0000
Subject: Fixed a security issue about usage of Prado::getPathOfNamespace.

---
 framework/Web/UI/WebControls/TTextHighlighter.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'framework/Web/UI/WebControls/TTextHighlighter.php')

diff --git a/framework/Web/UI/WebControls/TTextHighlighter.php b/framework/Web/UI/WebControls/TTextHighlighter.php
index 281f131e..4eec7de1 100644
--- a/framework/Web/UI/WebControls/TTextHighlighter.php
+++ b/framework/Web/UI/WebControls/TTextHighlighter.php
@@ -122,7 +122,8 @@ class TTextHighlighter extends TWebControl
 		$cssKey='prado:TTextHighlighter';
 		if(!$cs->isStyleSheetFileRegistered($cssKey))
 		{
-			$cssFile=Prado::getPathOfNamespace('System.3rdParty.geshi.highlight','.css');
+			if(($cssFile=Prado::getPathOfNamespace('System.3rdParty.geshi.highlight','.css'))===null)
+				throw new TConfigurationException('texthighlighter_stylesheet_invalid');
 			$styleSheet = $this->publishFilePath($cssFile);
 			$cs->registerStyleSheetFile($cssKey, $styleSheet);
 		}
-- 
cgit v1.2.3