From 8db4074d4d0d5e86684eb8c53d63ea5f7ea468d2 Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Tue, 15 Aug 2023 21:18:50 -0700
Subject: [PATCH] HTML escape more stuff

---
 cluster-software/install_pack.cgi | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/cluster-software/install_pack.cgi b/cluster-software/install_pack.cgi
index cba1de9e0..78dcd4218 100755
--- a/cluster-software/install_pack.cgi
+++ b/cluster-software/install_pack.cgi
@@ -22,10 +22,12 @@ else {
 
 if ($in{source} == 0) {
 	# installing from local file (or maybe directory)
-	if (!$in{'local'})
-		{ &install_error($text{'install_elocal'}); }
-	if (!-r $in{'local'})
-		{ &install_error(&text('install_elocal2', $in{'local'})); }
+	if (!$in{'local'}) {
+		&install_error($text{'install_elocal'});
+		}
+	if (!-r $in{'local'}) {
+		&install_error(&text('install_elocal2', &html_escape($in{'local'})));
+		}
 	$source = $in{'local'};
 	$pfile = $in{'local'};
 	$filename = $in{'local'};