Security: Fix couple of XSS issues in Installer (#7406)

CHANGELOG

@@ -34,6 +34,7 @@ CHANGELOG Roundcube Webmail
 - Fix error when user-configured skin does not exist anymore (#7271)
 - Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
 - Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382)
+- Security: Fix couple of XSS issues in Installer (#7406)
 
 RELEASE 1.4.4
 -------------

installer/test.php

@@ -139,7 +139,7 @@ if ($RCI->configured) {
         else {
             $RCI->fail('DSN (write)', $db_error_msg);
             echo '<p class="hint">Make sure that the configured database exists and that the user has write privileges<br />';
-            echo 'DSN: ' . $RCI->config['db_dsnw'] . '</p>';
+            echo 'DSN: ' . rcube::Q($RCI->config['db_dsnw']) . '</p>';
         }
     }
     else {
@@ -297,15 +297,15 @@ if ($pass == '%p') {
   </tr>
   <tr>
     <td><label for="smtp_port">Port</label></td>
-    <td><?php echo $RCI->getprop('smtp_port'); ?></td>
+    <td><?php echo rcube::Q($RCI->getprop('smtp_port')); ?></td>
   </tr>
   <tr>
     <td><label for="smtp_user">Username</label></td>
-    <td><?php echo $user; ?></td>
+    <td><?php echo rcube::Q($user); ?></td>
   </tr>
   <tr>
     <td><label for="smtp_pass">Password</label></td>
-    <td><?php echo $pass; ?></td>
+    <td><?php echo rcube::Q($pass); ?></td>
   </tr>
 </tbody>
 </table>