Escape generated password in mobileconfig

Escape ampersand, less than, greater than to avoid generating invalid XML. Fixes #7171
2026-06-15 02:50:33 +00:00 · 2026-05-24 11:52:12 +02:00
1 changed files with 1 additions and 0 deletions
@@ -65,6 +65,7 @@ if (isset($_GET['app_password'])) {
      $attr['protocols'][] = 'dav_access';
  }
  app_passwd("add", $attr);
  $password = htmlspecialchars($password, ENT_NOQUOTES);
 } else {
  $app_password = false;
 }