From 79877df57cc084c94174fcbbe4fc21417a296ae3 Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Sat, 29 Apr 2017 16:56:58 -0700
Subject: [PATCH] Escape output from the init script

---
 mysql/mysql-lib.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mysql/mysql-lib.pl b/mysql/mysql-lib.pl
index fa3d25c0a..17d1c4596 100755
--- a/mysql/mysql-lib.pl
+++ b/mysql/mysql-lib.pl
@@ -1001,7 +1001,7 @@ local $temp = &transname();
 local $rv = &system_logged("($config{'start_cmd'}) >$temp 2>&1");
 local $out = `cat $temp`; unlink($temp);
 if ($rv || $out =~ /failed/i) {
-	return "<pre>$out</pre>";
+	return "<pre>".&html_escape($out)."</pre>";
 	}
 return undef;
 }
@@ -1019,7 +1019,7 @@ else {
 	$out = &backquote_logged("$config{'mysqladmin'} $authstr shutdown 2>&1");
 	}
 if ($? || $out =~ /failed/i) {
-	return "<pre>$out</pre>";
+	return "<pre>".&html_escape($out)."</pre>";
 	}
 return undef;
 }