escape passwords for email content (new email-account, new ftp-account and new database); fixes #905

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

lib/Froxlor/Api/Commands/EmailAccounts.php

@@ -192,7 +192,7 @@ class EmailAccounts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Reso
 				$replace_arr = array(
 					'EMAIL' => $email_full,
 					'USERNAME' => $username,
-					'PASSWORD' => $password,
+					'PASSWORD' => htmlentities(htmlentities($password)),
 					'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($customer),
 					'NAME' => $customer['name'],
 					'FIRSTNAME' => $customer['firstname'],

lib/Froxlor/Api/Commands/Ftps.php

@@ -245,7 +245,7 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 						'COMPANY' => $customer['company'],
 						'CUSTOMER_NO' => $customer['customernumber'],
 						'USR_NAME' => $username,
-						'USR_PASS' => $password,
+						'USR_PASS' => htmlentities(htmlentities($password)),
 						'USR_PATH' => \Froxlor\FileDir::makeCorrectDir(str_replace($customer['documentroot'], "/", $path))
 					);
 					// get template for mail subject

lib/Froxlor/Api/Commands/Mysqls.php

@@ -130,7 +130,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 				'COMPANY' => $userinfo['company'],
 				'CUSTOMER_NO' => $userinfo['customernumber'],
 				'DB_NAME' => $username,
-				'DB_PASS' => $password,
+				'DB_PASS' => htmlentities(htmlentities($password)),
 				'DB_DESC' => $databasedescription,
 				'DB_SRV' => $sql_root['host'],
 				'PMA_URI' => $pma