Index: /trunk/admin/config.php.example
===================================================================
--- /trunk/admin/config.php.example	(revision 590)
+++ /trunk/admin/config.php.example	(revision 591)
@@ -16,4 +16,8 @@
 // do not define both with
 // $free_graph_width = 120;
+
+// only enable if you have password protection for admin page
+// enabling this option will cause user to eval() whatever code they want
+$enable_eval = false;
 
 // this function is detected by xcache.tpl.php, and enabled if function_exists
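Review bot: The comment above `$enable_eval = false;` understates what the option does; "cause user to eval() whatever code they want" reads as a user-side inconvenience rather than remote code execution by whoever can reach the admin page. Suggest wording it as `// enabling this lets anyone who can reach the admin page run arbitrary PHP via eval() — keep it false unless the page is behind authentication`. It is also worth stating here that edit.php treats an undefined `$enable_eval` as false, so an older config.php that lacks the line stays safe but will emit an undefined-variable notice.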
Index: /trunk/admin/edit.php
===================================================================
--- /trunk/admin/edit.php	(revision 590)
+++ /trunk/admin/edit.php	(revision 591)
@@ -12,10 +12,22 @@
 
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-	eval('$value = ' . $_POST['value']);
+	if ($enable_eval) {
+		eval('$value = ' . $_POST['value']);
+	}
+	else {
+		$value = $_POST['value'];
+	}
 	xcache_set($name, $value);
 	header("Location: xcache.php?type=" . XC_TYPE_VAR);
 	exit;
 }
-$value = var_export(xcache_get($name), true);
+$value = xcache_get($name);
+if ($enable_eval) {
+	$value = var_export($value, true);
+	$editable = true;
+}
+else {
+	$editable = is_string($value);
+}
 
 $xcache_version = XCACHE_VERSION;
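Review bot: `$enable_eval` is consulted on the new lines in both the POST branch and the GET path, but it is only defined by the updated config.php.example; a deployment whose config.php predates this option leaves it undefined, which PHP reports as a notice and evaluates as false — the safe direction, but it should be explicit, e.g. `$enable_eval = !empty($enable_eval);` before the first use. The non-eval POST branch also does not enforce what the template only disables client-side: when the cached value is not a string, the GET path sets `$editable = false`, yet a crafted POST still overwrites it with the raw string from `$_POST['value']`, and a submission without `value` at all (a disabled textarea is not sent) reads an undefined index and stores null. A server-side guard in the POST branch such as `if (!isset($_POST['value']) || (!$enable_eval && !is_string(xcache_get($name)))) { header("Location: xcache.php?type=" . XC_TYPE_VAR); exit; }` closes both gaps. The `==` on `$_SERVER['REQUEST_METHOD']` would conventionally be `===`; `$name` is assigned outside the hunk.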
Index: /trunk/admin/edit.tpl.php
===================================================================
--- /trunk/admin/edit.tpl.php	(revision 590)
+++ /trunk/admin/edit.tpl.php	(revision 591)
@@ -7,5 +7,5 @@
 	<fieldset>
 		<legend><?php echo sprintf(_T("Editing Variable %s"), $h_name); ?></legend>
-		<textarea name="value" style="width: 100%; height: 200px; overflow-y: auto"><?php echo $h_value; ?></textarea><br>
+		<textarea name="value" style="width: 100%; height: 200px; overflow-y: auto" <?php echo $editable ? "" : "disabled=disabled"; ?>><?php echo $h_value; ?></textarea><br>
 		<input type="submit">
 	</fieldset>
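Review bot: The submit input on the line after the textarea stays enabled when `$editable` is false, so the form can still be posted; since a disabled textarea is not part of the submission, the resulting request carries no `value` field and the server code has to cope with an undefined index. Mirror the condition on the button, `<input type="submit" <?php echo $editable ? "" : "disabled=\"disabled\""; ?>>`, and quote the attribute value on the textarea too (`disabled="disabled"` rather than `disabled=disabled`) for consistency with the rest of the markup. The client-side `disabled` attribute remains a hint only; the POST handler in edit.php still needs its own check.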
