From 93c33f0eb39ee582bf3763ac1149e8ab01e2bdb9 Mon Sep 17 00:00:00 2001
From: Friendika <info@friendika.com>
Date: Mon, 15 Nov 2010 19:27:15 -0800
Subject: [PATCH] html escape the raw message

---
 mod/install.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/mod/install.php b/mod/install.php
index 21aafe3e18..2a791b98c8 100644
--- a/mod/install.php
+++ b/mod/install.php
@@ -117,13 +117,14 @@ function check_htconfig() {
 		$o .= t('If not, you may be required to perform a manual installation. Please see the file "INSTALL" for instructions.'); 
 	}
 
-return $o;
+	return $o;
 }
 
 	
 function manual_config(&$a) {
+	$data = htmlentities($a->data);
 	$o = t('The database configuration file ".htconfig.php" could not be written. Please use the enclosed text to create a configuration file in your web server root.');
-	$o .= "<textarea rows=\"24\" cols=\"80\" >{$a->data}</textarea>";
+	$o .= "<textarea rows=\"24\" cols=\"80\" >$data</textarea>";
 	return $o;
 }