diff --git a/Core/App/AppController.php b/Core/App/AppController.php
index 1910311926..407038efbe 100644
--- a/Core/App/AppController.php
+++ b/Core/App/AppController.php
@@ -211,9 +211,9 @@ private function newUserPassword()
 $pass2 = $this->request->request->get('fsNewPasswd2');
 if ($pass != $pass2) {
- ToolBox::i18nLog()->warning('different-passwords', ['%userNick%' => $nick]);
+ ToolBox::i18nLog()->warning('different-passwords', ['%userNick%' => htmlspecialchars($nick)]);
 return;
- } elseif ($user->loadFromCode($nick) && $this->request->request->get('fsDbPasswd') == FS_DB_PASS) {
+ } elseif ($user->loadFromCode($nick) && $this->request->request->get('fsDbPasswd') === FS_DB_PASS) {
 $user->setPassword($pass);
 $user->save();
 ToolBox::i18nLog()->notice('record-updated-correctly');
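Review bot: The `elseif` that gates the password reset still compares the submitted `fsDbPasswd` against `FS_DB_PASS` with an operator that is not constant-time. `===` removes the type juggling, but for a secret the usual form is `hash_equals((string) FS_DB_PASS, (string) $this->request->request->get('fsDbPasswd'))`. The `$pass != $pass2` check two lines above is left loose, so two different numeric-looking strings (for example `1e3` and `1000`) compare equal and the mismatch branch is skipped; `!==` closes that. In the warning call, `htmlspecialchars($nick)` receives whatever `get()` returned, so if that can be null a `(string)` cast avoids the PHP 8.1+ deprecation. The body of `newUserPassword()` starts and ends outside this hunk, so any rate limiting or an empty-`FS_DB_PASS` guard may exist there but is not visible here.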