html escape the raw message

author Friendika <info@friendika.com>

Tue, 16 Nov 2010 03:27:15 +0000 (19:27 -0800)

committer Friendika <info@friendika.com>

Tue, 16 Nov 2010 03:27:15 +0000 (19:27 -0800)
author Friendika <info@friendika.com>
Tue, 16 Nov 2010 03:27:15 +0000 (19:27 -0800)
committer Friendika <info@friendika.com>
Tue, 16 Nov 2010 03:27:15 +0000 (19:27 -0800)
diff --git a/mod/install.php b/mod/install.php

index 21aafe3e180cb4cdc8c3d5440eb6af9ed7ae8406..2a791b98c8188ddcdbee99d99939cebea627ae59 100644 (file)
--- a/mod/install.php
+++ b/mod/install.php
@@ -117,13 +117,14 @@ function check_htconfig() {
                 $o .= t('If not, you may be required to perform a manual installation. Please see the file "INSTALL" for instructions.'); 
         }
  
-return $o;
+       return $o;
  }
  
         
  function manual_config(&$a) {
+       $data = htmlentities($a->data);
         $o = t('The database configuration file ".htconfig.php" could not be written. Please use the enclosed text to create a configuration file in your web server root.');
-       $o .= "<textarea rows=\"24\" cols=\"80\" >{$a->data}</textarea>";
+       $o .= "<textarea rows=\"24\" cols=\"80\" >$data</textarea>";
         return $o;
  }
author	Friendika <info@friendika.com>
	Tue, 16 Nov 2010 03:27:15 +0000 (19:27 -0800)
committer	Friendika <info@friendika.com>
	Tue, 16 Nov 2010 03:27:15 +0000 (19:27 -0800)