Index: install.php
===================================================================
RCS file: /cvs/drupal/drupal/install.php,v
retrieving revision 1.15
diff -u -p -r1.15 install.php
--- install.php	6 Sep 2006 07:46:25 -0000	1.15
+++ install.php	8 Sep 2006 05:23:09 -0000
@@ -125,7 +125,9 @@ function install_verify_settings() {
  * Configure and rewrite settings.php.
  */
 function install_change_settings() {
-  global $profile, $install_locale, $db_url, $db_type, $db_prefix;
+  global $db_url, $db_type, $db_prefix;
+  $profile = preg_replace('/[^a-zA-Z_0-9]/', '', $_GET['profile']);
+  $install_locale = preg_replace('/[^a-zA-Z_0-9]/', '', $_GET['locale']);
 
   $url = parse_url($db_url);
   $db_user = urldecode($url['user']);