diff options
Diffstat (limited to 'phpBB/install/install_update.php')
| -rw-r--r-- | phpBB/install/install_update.php | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/phpBB/install/install_update.php b/phpBB/install/install_update.php index 88b00f1cf1..7f40015002 100644 --- a/phpBB/install/install_update.php +++ b/phpBB/install/install_update.php @@ -71,7 +71,7 @@ class install_update extends module function main($mode, $sub) { - global $style, $template, $phpEx, $phpbb_root_path, $user, $db, $config, $cache, $auth, $language; + global $phpbb_style, $template, $phpEx, $phpbb_root_path, $user, $db, $config, $cache, $auth, $language; global $request; $this->tpl_name = 'install_update'; @@ -862,7 +862,14 @@ class install_update extends module $test_connection = false; if ($test_ftp_connection || $submit) { - $transfer = new $method(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', '')); + $transfer = new $method( + request_var('host', ''), + request_var('username', ''), + htmlspecialchars_decode($request->untrimmed_variable('password', '')), + request_var('root_path', ''), + request_var('port', ''), + request_var('timeout', '') + ); $test_connection = $transfer->open_session(); // Make sure that the directory is correct by checking for the existence of common.php @@ -948,7 +955,14 @@ class install_update extends module } else { - $transfer = new $method(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', '')); + $transfer = new $method( + request_var('host', ''), + request_var('username', ''), + htmlspecialchars_decode($request->untrimmed_variable('password', '')), + request_var('root_path', ''), + request_var('port', ''), + request_var('timeout', '') + ); $transfer->open_session(); } |