- $dbhost = notags(trim(defaults($_POST, 'dbhost' , Core\Installer::DEFAULT_HOST)));
- $dbuser = notags(trim(defaults($_POST, 'dbuser' , '' )));
- $dbpass = notags(trim(defaults($_POST, 'dbpass' , '' )));
- $dbdata = notags(trim(defaults($_POST, 'dbdata' , '' )));
- $phpath = notags(trim(defaults($_POST, 'phpath' , '' )));
- $adminmail = notags(trim(defaults($_POST, 'adminmail', '' )));
-
- $tpl = get_markup_template('install_db.tpl');
- $output .= replace_macros($tpl, [
+ $dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost' , Core\Installer::DEFAULT_HOST)));
+ $dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser' , '' )));
+ $dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass' , '' )));
+ $dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata' , '' )));
+ $phpath = Strings::escapeTags(trim(defaults($_POST, 'phpath' , '' )));
+ $adminmail = Strings::escapeTags(trim(defaults($_POST, 'adminmail', '' )));
+
+ $tpl = Renderer::getMarkupTemplate('install_db.tpl');
+ $output .= Renderer::replaceMacros($tpl, [