2 files changed, 6 insertions, 4 deletions

diff --git a/actions/systemsettings/install.php b/actions/systemsettings/install.php
index 41a2a8b22..c4f563beb 100644
--- a/actions/systemsettings/install.php
+++ b/actions/systemsettings/install.php
@@ -22,6 +22,7 @@ if (get_input('settings') == 'go') {
 		// Sanitise
 		$path = sanitise_filepath(get_input('path'));
 		$dataroot = sanitise_filepath(get_input('dataroot'));
+		$url = sanitise_filepath(get_input('wwwroot'));
 
 		// Blank?
 		if ($dataroot == "/") {
@@ -40,7 +41,7 @@ if (get_input('settings') == 'go') {
 
 		$site = new ElggSite();
 		$site->name = get_input('sitename');
-		$site->url = get_input('wwwroot');
+		$site->url = $url;
 		$site->description = get_input('sitedescription');
 		$site->email = get_input('siteemail');
 		$site->access_id = ACCESS_PUBLIC;
diff --git a/engine/lib/input.php b/engine/lib/input.php
index abc2d6811..f59061312 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -14,7 +14,7 @@
  *
  * Note: this function does not handle nested arrays (ex: form input of param[m][n])
  * because of the filtering done in htmlawed from the filter_tags call.
- * 
+ *
  * @param $variable string The variable we want to return.
  * @param $default mixed A default value for the variable if it is not found.
  * @param $filter_result If true then the result is filtered for bad tags.
@@ -52,7 +52,7 @@ function get_input($variable, $default = "", $filter_result = true) {
 
 /**
  * Sets an input value that may later be retrieved by get_input
- * 
+ *
  * Note: this function does not handle nested arrays (ex: form input of param[m][n])
  *
  * @param string $variable The name of the variable
@@ -96,7 +96,8 @@ function sanitise_filepath($path) {
 
 	// Sort trailing slash
 	$path = trim($path);
-	$path = rtrim($path, " /");
+	// rtrim defaults plus /
+	$path = rtrim($path, " \n\t\0\x0B/");
 	$path = $path . "/";
 
 	return $path;