From 6acfbc6f4942c0eedb60678e20fa0abfeb7d21e3 Mon Sep 17 00:00:00 2001
From: Ermal
Date: Tue, 20 Nov 2012 14:05:01 +0000
Subject: Resolves #2294. Base64 encode the file when sending to the browser same way it is encoded when sent to us. This prevents csrf from mangling things
---
 usr/local/www/edit.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/usr/local/www/edit.php b/usr/local/www/edit.php
index a87dfa4..84d366e 100644
--- a/usr/local/www/edit.php
+++ b/usr/local/www/edit.php
@@ -53,6 +53,7 @@ if($_POST['action']) {
 if($data === false) {
 echo "|1|" . gettext("Failed to read file") . ".|";
 } else {
+ $data = base64_encode($data);
 echo "|0|{$_POST['file']}|{$data}|";
 }
 }
@@ -114,8 +115,9 @@ outputJavaScriptFileInline("javascript/base64.js");
 if(values.shift() == "0") {
 var file = values.shift();
+ var fileContent = Base64.decode(values.join("|"));
 $("fileStatus").innerHTML = ".";
- $("fileContent").value = values.join("|");
+ $("fileContent").value = fileContent;
 var lang = "none";
 if(file.indexOf(".php") > 0) lang = "php";
-- 
cgit v1.1
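Review bot: The file name in `echo "|0|{$_POST['file']}|{$data}|";` is still written back verbatim from the request, so only the content field is protected by the new `base64_encode()`. A name containing `|` shifts the fields the client splits on, and if this response is served as HTML the unescaped value is reflected into markup; the content type is not visible in the hunk. Consider encoding that field the same way, e.g. `echo "|0|" . base64_encode($_POST['file']) . "|{$data}|";`, with a matching `Base64.decode(values.shift())` where the client reads the name. The enclosing `if($_POST['action'])` block starts and ends outside the hunk.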
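Review bot: `Base64.decode(values.join("|"))` passes whatever arrived to the decoder and the result goes straight into the `fileContent` textarea, with no check that the payload is well-formed base64. If the response is truncated or altered on the way (the case this commit is about), the editor would presumably show garbage that can then be saved back over the file; how `Base64.decode` treats bad input is not visible here, since base64.js is outside the diff. Taking `var payload = values.join("|");` first and guarding with `if(!/^[A-Za-z0-9+\/]*={0,2}$/.test(payload)) { /* show a load error and return */ }` before decoding would fail closed. Since base64 output never contains `|`, a plain `values.shift()` would also do in place of the join. The enclosing function starts and ends outside the hunk.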