From 585b09af3ab20878eb533c7df258f33c9e3d971e Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Fri, 6 Mar 2020 14:39:13 +0100
Subject: [PATCH] Prevent self-xss via invalid mysql user name on install
 screen

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 core/templates/installation.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/templates/installation.php b/core/templates/installation.php
index c0afc311939..e4a232fc965 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -15,10 +15,10 @@ script('core', [
 		<?php foreach($_['errors'] as $err): ?>
 		<p>
 			<?php if(is_array($err)):?>
-				<?php print_unescaped($err['error']); ?>
-				<span class='hint'><?php print_unescaped($err['hint']); ?></span>
+				<?php p($err['error']); ?>
+				<span class='hint'><?php p($err['hint']); ?></span>
 			<?php else: ?>
-				<?php print_unescaped($err); ?>
+				<?php p($err); ?>
 			<?php endif; ?>
 		</p>
 		<?php endforeach; ?>
-- 
GitLab