nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Do not allow user to modify php code before saving.

Browse Source
This commit is contained in:
Michal Čihař
2009-04-14 10:19:02 +00:00
parent 2647ce6a5e
commit c98e5e3a5a
2 changed files with 3 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
setup/config.php
View File

@@ -15,31 +15,6 @@ require './lib/common.inc.php';
require_once './setup/lib/Form.class.php'; require_once './setup/lib/Form.class.php';
require_once './setup/lib/FormDisplay.class.php'; require_once './setup/lib/FormDisplay.class.php';
/**
* Returns config file contents depending on GET type value:
* o session - uses ConfigFile::getConfigFile()
* o post - uses POST textconfig value
*
* @return string
*/
function get_config() {
$type = PMA_ifSetOr($_GET['type'], 'session');
if ($type == 'session') {
$config = ConfigFile::getInstance()->getConfigFile();
} else {
$config = PMA_ifSetOr($_POST['textconfig'], '');
// make sure our eol is \n
$config = str_replace("\r\n", "\n", $config);
if ($_SESSION['eol'] == 'win') {
$config = str_replace("\n", "\r\n", $config);
}
}
return $config;
}
$form_display = new FormDisplay(); $form_display = new FormDisplay();
$form_display->registerForm('_config.php'); $form_display->registerForm('_config.php');
$form_display->save('_config.php'); $form_display->save('_config.php');
@@ -64,13 +39,13 @@ if (PMA_ifSetOr($_POST['submit_clear'], '')) {
// //
header('Content-Type: text/plain'); header('Content-Type: text/plain');
header('Content-Disposition: attachment; filename="config.inc.php"'); header('Content-Disposition: attachment; filename="config.inc.php"');
echo get_config(); echo ConfigFile::getInstance()->getConfigFile();
exit; exit;
} elseif (PMA_ifSetOr($_POST['submit_save'], '')) { } elseif (PMA_ifSetOr($_POST['submit_save'], '')) {
// //
// Save generated config file on the server // Save generated config file on the server
// //
file_put_contents($config_file_path, get_config()); file_put_contents($config_file_path, ConfigFile::getInstance()->getConfigFile());
header('HTTP/1.1 303 See Other'); header('HTTP/1.1 303 See Other');
header('Location: index.php'); header('Location: index.php');
exit; exit;

4
setup/frames/config.inc.php
View File

@@ -24,7 +24,7 @@ $config_exists = false;
check_config_rw($config_readable, $config_writable, $config_exists); check_config_rw($config_readable, $config_writable, $config_exists);
?> ?>
<h2><?php echo $GLOBALS['strSetupConfigurationFile'] ?></h2> <h2><?php echo $GLOBALS['strSetupConfigurationFile'] ?></h2>
<?php display_form_top('config.php?type=post'); ?> <?php display_form_top('config.php'); ?>
<input type="hidden" name="eol" value="<?php echo htmlspecialchars(PMA_ifSetOr($_GET['eol'], 'unix')) ?>" /> <input type="hidden" name="eol" value="<?php echo htmlspecialchars(PMA_ifSetOr($_GET['eol'], 'unix')) ?>" />
<?php display_fieldset_top('', '', null, array('class' => 'simple')); ?> <?php display_fieldset_top('', '', null, array('class' => 'simple')); ?>
<tr> <tr>
@@ -38,8 +38,6 @@ check_config_rw($config_readable, $config_writable, $config_exists);
<td class="lastrow" style="text-align: left"> <td class="lastrow" style="text-align: left">
<input type="submit" name="submit_download" value="<?php echo $GLOBALS['strSetupDownload'] ?>" class="green" /> <input type="submit" name="submit_download" value="<?php echo $GLOBALS['strSetupDownload'] ?>" class="green" />
<input type="submit" name="submit_save" value="<?php echo $GLOBALS['strSave'] ?>"<?php if (!$config_writable) echo ' disabled="disabled"' ?> /> <input type="submit" name="submit_save" value="<?php echo $GLOBALS['strSave'] ?>"<?php if (!$config_writable) echo ' disabled="disabled"' ?> />
&nbsp; &nbsp;
<input type="reset" value="<?php echo $GLOBALS['strReset'] ?>" />
</td> </td>
</tr> </tr>
<?php <?php