diff --git a/html/install.php b/html/install.php
index ea0a9640a39a..81c783665fb0 100644
--- a/html/install.php
+++ b/html/install.php
@@ -3,7 +3,12 @@
if (empty($_POST) && !empty($_SESSION) && !isset($_REQUEST['stage'])) {
$_POST = $_SESSION;
} elseif (!file_exists("../config.php")) {
- $_SESSION = array_replace($_SESSION, $_POST);
+ $allowed_vars = array('stage','build-ok','dbhost','dbuser','dbpass','dbname','dbport','dbsocket','add_user','add_pass','add_email');
+ foreach ($allowed_vars as $allowed) {
+ if (isset($_POST[$allowed])) {
+ $_SESSION[$allowed] = $_POST[$allowed];
+ }
+ }
}
$stage = isset($_POST['stage']) ? $_POST['stage'] : 0;
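Review bot: The allow-list in the added `foreach` restricts which keys reach `$_SESSION` but not the type of the values: PHP parses a field submitted with bracket syntax into an array, and that array is stored as-is. Tightening the guard to `if (isset($_POST[$allowed]) && is_scalar($_POST[$allowed])) {` would keep only plain strings and numbers in the session. `$stage` on the last line is likewise read from the request without a cast; `$stage = isset($_POST['stage']) ? (int) $_POST['stage'] : 0;` would pin it to a number, assuming stages are numeric as the default of 0 suggests. How these values are used later in install.php is outside this hunk, so the impact of a non-scalar value cannot be judged from here.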