]> source.dussan.org Git - nextcloud-server.git/commitdiff
Prevent self-xss via invalid mysql user name on install screen 19831/head
authorJoas Schilling <coding@schilljs.com>
Fri, 6 Mar 2020 13:39:13 +0000 (14:39 +0100)
committerbackportbot[bot] <backportbot[bot]@users.noreply.github.com>
Sat, 7 Mar 2020 13:22:13 +0000 (13:22 +0000)
Signed-off-by: Joas Schilling <coding@schilljs.com>
core/templates/installation.php

index de9427a74d8dd42e35095d923c2cb1cc529183aa..36f5f5bfc6d61c33d12c580e0c19a1c075390e23 100644 (file)
@@ -15,10 +15,10 @@ script('core', [
                <?php foreach($_['errors'] as $err): ?>
                <p>
                        <?php if(is_array($err)):?>
-                               <?php print_unescaped($err['error']); ?>
-                               <span class='hint'><?php print_unescaped($err['hint']); ?></span>
+                               <?php p($err['error']); ?>
+                               <span class='hint'><?php p($err['hint']); ?></span>
                        <?php else: ?>
-                               <?php print_unescaped($err); ?>
+                               <?php p($err); ?>
                        <?php endif; ?>
                </p>
                <?php endforeach; ?>