From dd98df3e3c7732ea9d5f7e28a71661f137a9a806 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Tue, 14 Apr 2009 10:19:02 +0000
Subject: [PATCH] Do not allow user to modify php code before saving.
---
 setup/config.php | 29 ++---------------------------
 setup/frames/config.inc.php | 4 +---
 2 files changed, 3 insertions(+), 30 deletions(-)
diff --git a/setup/config.php b/setup/config.php
index 58073b206..66f376174 100644
--- a/setup/config.php
+++ b/setup/config.php
@@ -12,31 +12,6 @@ require './lib/common.inc.php';
 require_once './setup/lib/Form.class.php';
 require_once './setup/lib/FormDisplay.class.php';
-/**
- * Returns config file contents depending on GET type value:
- * o session - uses ConfigFile::getConfigFile()
- * o post - uses POST textconfig value
- *
- * @return string
- */
-function get_config() {
- $type = PMA_ifSetOr($_GET['type'], 'session');
-
- if ($type == 'session') {
- $config = ConfigFile::getInstance()->getConfigFile();
- } else {
- $config = PMA_ifSetOr($_POST['textconfig'], '');
- // make sure our eol is \n
- $config = str_replace("\r\n", "\n", $config);
- if ($_SESSION['eol'] == 'win') {
- $config = str_replace("\n", "\r\n", $config);
- }
- }
-
- return $config;
-}
-
-
 $form_display = new FormDisplay();
 $form_display->registerForm('_config.php');
 $form_display->save('_config.php');
@@ -61,13 +36,13 @@ if (PMA_ifSetOr($_POST['submit_clear'], '')) {
 //
 header('Content-Type: text/plain');
 header('Content-Disposition: attachment; filename="config.inc.php"');
- echo get_config();
+ echo ConfigFile::getInstance()->getConfigFile();
 exit;
 } elseif (PMA_ifSetOr($_POST['submit_save'], '')) {
 //
 // Save generated config file on the server
 //
- file_put_contents($config_file_path, get_config());
+ file_put_contents($config_file_path, ConfigFile::getInstance()->getConfigFile());
 header('HTTP/1.1 303 See Other');
 header('Location: index.php');
 exit;
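Review bot: In the second hunk of setup/config.php, the save branch ignores the result of `file_put_contents()` and sends the 303 redirect regardless, so a failed or partial write to `$config_file_path` is reported to the user as success; test the return value with `=== false` and surface an error before redirecting. With `get_config()` removed, the written file comes only from `ConfigFile::getInstance()->getConfigFile()`, so its safety now rests on how that method serializes session-held setup values into PHP source, which this patch does not show and is worth confirming (values exported or escaped rather than concatenated). A short comment above the write, such as `// Config must only ever come from ConfigFile; never write request data here`, would help keep the POST path from being reintroduced. The enclosing if/elseif chain starts and ends outside the hunk.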
diff --git a/setup/frames/config.inc.php b/setup/frames/config.inc.php index d2cec90c8..7ce8f5195 100644 --- a/setup/frames/config.inc.php +++ b/setup/frames/config.inc.php @@ -21,7 +21,7 @@ $config_exists = false; check_config_rw($config_readable, $config_writable, $config_exists); ?>

- + 'simple')); ?> @@ -35,8 +35,6 @@ check_config_rw($config_readable, $config_writable, $config_exists); /> -     -