From e3ad632231a0ba67bcac5bd26df032bdfec4af36 Mon Sep 17 00:00:00 2001
From: Will Rossiter <will.rossiter@gmail.com>
Date: Mon, 6 Jun 2011 12:53:47 +1200
Subject: [PATCH] BUGFIX: Escape username and password when printed out in
 install success screen. FIXES: #6652 (via ash).

---
 code/controller/ContentController.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/code/controller/ContentController.php b/code/controller/ContentController.php
index 940e41cc..ea3f2f18 100755
--- a/code/controller/ContentController.php
+++ b/code/controller/ContentController.php
@@ -445,8 +445,8 @@ HTML;
 		
 		$title = new Varchar("Title");
 		$content = new HTMLText("Content");
-		$username = Session::get('username');
-		$password = Session::get('password');
+		$username = Convert::raw2xml(Session::get('username'));
+		$password = Convert::raw2xml(Session::get('password'));
 		$title->setValue("Installation Successful");
 		global $project;
 		$tutorialOnly = ($project == 'tutorial') ? "<p>This website is a simplistic version of a SilverStripe 2 site. To extend this, please take a look at <a href=\"http://doc.silverstripe.org/doku.php?id=tutorials\">our new tutorials</a>.</p>" : '';
@@ -474,8 +474,8 @@ HTML
 		$title = new Varchar("Title");
 		$content = new HTMLText("Content");
 		$tempcontent = '';
-		$username = Session::get('username');
-		$password = Session::get('password');
+		$username = Convert::raw2xml(Session::get('username'));
+		$password = Convert::raw2xml(Session::get('password'));
 
 		// We can't delete index.php as it might be necessary for URL routing without mod_rewrite.
 		// There's no safe way to detect usage of mod_rewrite across webservers,