- $dbhost = Strings::removeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
- $dbuser = Strings::removeTags(trim(defaults($_POST, 'dbuser', '')));
- $dbpass = Strings::removeTags(trim(defaults($_POST, 'dbpass', '')));
- $dbdata = Strings::removeTags(trim(defaults($_POST, 'dbdata', '')));
+ $dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
+ $dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser', '')));
+ $dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass', '')));
+ $dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata', '')));
// If we cannot connect to the database, return to the previous step
if (!self::$installer->checkDB($dbhost, $dbuser, $dbpass, $dbdata)) {
// If we cannot connect to the database, return to the previous step
if (!self::$installer->checkDB($dbhost, $dbuser, $dbpass, $dbdata)) {
- $dbhost = Strings::removeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
- $dbuser = Strings::removeTags(trim(defaults($_POST, 'dbuser', '')));
- $dbpass = Strings::removeTags(trim(defaults($_POST, 'dbpass', '')));
- $dbdata = Strings::removeTags(trim(defaults($_POST, 'dbdata', '')));
- $timezone = Strings::removeTags(trim(defaults($_POST, 'timezone', Core\Installer::DEFAULT_TZ)));
- $language = Strings::removeTags(trim(defaults($_POST, 'language', Core\Installer::DEFAULT_LANG)));
- $adminmail = Strings::removeTags(trim(defaults($_POST, 'adminmail', '')));
+ $dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
+ $dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser', '')));
+ $dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass', '')));
+ $dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata', '')));
+ $timezone = Strings::escapeTags(trim(defaults($_POST, 'timezone', Core\Installer::DEFAULT_TZ)));
+ $language = Strings::escapeTags(trim(defaults($_POST, 'language', Core\Installer::DEFAULT_LANG)));
+ $adminmail = Strings::escapeTags(trim(defaults($_POST, 'adminmail', '')));
// If we cannot connect to the database, return to the Database config wizard
if (!self::$installer->checkDB($dbhost, $dbuser, $dbpass, $dbdata)) {
// If we cannot connect to the database, return to the Database config wizard
if (!self::$installer->checkDB($dbhost, $dbuser, $dbpass, $dbdata)) {
- $dbhost = Strings::removeTags(trim(defaults($_POST, 'dbhost' , Core\Installer::DEFAULT_HOST)));
- $dbuser = Strings::removeTags(trim(defaults($_POST, 'dbuser' , '' )));
- $dbpass = Strings::removeTags(trim(defaults($_POST, 'dbpass' , '' )));
- $dbdata = Strings::removeTags(trim(defaults($_POST, 'dbdata' , '' )));
- $phpath = Strings::removeTags(trim(defaults($_POST, 'phpath' , '' )));
- $adminmail = Strings::removeTags(trim(defaults($_POST, 'adminmail', '' )));
+ $dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost' , Core\Installer::DEFAULT_HOST)));
+ $dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser' , '' )));
+ $dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass' , '' )));
+ $dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata' , '' )));
+ $phpath = Strings::escapeTags(trim(defaults($_POST, 'phpath' , '' )));
+ $adminmail = Strings::escapeTags(trim(defaults($_POST, 'adminmail', '' )));
$tpl = Renderer::getMarkupTemplate('install_db.tpl');
$output .= Renderer::replaceMacros($tpl, [
$tpl = Renderer::getMarkupTemplate('install_db.tpl');
$output .= Renderer::replaceMacros($tpl, [
- $dbhost = Strings::removeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
- $dbuser = Strings::removeTags(trim(defaults($_POST, 'dbuser', '' )));
- $dbpass = Strings::removeTags(trim(defaults($_POST, 'dbpass', '' )));
- $dbdata = Strings::removeTags(trim(defaults($_POST, 'dbdata', '' )));
- $phpath = Strings::removeTags(trim(defaults($_POST, 'phpath', '' )));
+ $dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
+ $dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser', '' )));
+ $dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass', '' )));
+ $dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata', '' )));
+ $phpath = Strings::escapeTags(trim(defaults($_POST, 'phpath', '' )));