diff --git a/adm_config_report.php b/adm_config_report.php
index 8c0f017dbe..37e8189e47 100644
--- a/adm_config_report.php
+++ b/adm_config_report.php
@@ -218,7 +218,17 @@ function check_config_value( $p_config ) {
 $t_edit_option = gpc_get_string( 'config_option', $t_filter_config_value == META_FILTER_NONE ? '' : $t_filter_config_value );
 $t_edit_type = gpc_get_string( 'type', CONFIG_TYPE_DEFAULT );
 $t_edit_value = gpc_get_string( 'value', '' );
-$t_edit_action = gpc_get_string( 'action', 'action_create' );
+
+$f_edit_action = gpc_get_string( 'action', MANAGE_CONFIG_ACTION_CREATE ); # Ensure we exclusively use one of the defined, valid actions (XSS protection) $t_valid_actions = array( MANAGE_CONFIG_ACTION_CREATE, MANAGE_CONFIG_ACTION_CLONE, MANAGE_CONFIG_ACTION_EDIT ); $t_edit_action = in_array( $f_edit_action, $t_valid_actions ) ? $f_edit_action : MANAGE_CONFIG_ACTION_CREATE; # Apply filters
@@ -443,7 +453,7 @@ function check_config_value( $p_config ) {
 'config_option' => $v_config_id, 'type' => $v_type, 'value' => $v_value,
- 'action' => 'action_edit',
+ 'action' => MANAGE_CONFIG_ACTION_EDIT,
 ), OFF );
 echo '';
@@ -459,7 +469,7 @@ function check_config_value( $p_config ) {
 'config_option' => $v_config_id, 'type' => $v_type, 'value' => $v_value,
- 'action' => 'action_clone',
+ 'action' => MANAGE_CONFIG_ACTION_CLONE,
 ), OFF );
 echo '';
@@ -514,7 +524,7 @@ function check_config_value( $p_config ) {
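Review bot: The membership test `in_array( $f_edit_action, $t_valid_actions )` in the first hunk runs a loose comparison; make it `in_array( $f_edit_action, $t_valid_actions, true )` so the allowlist holds by identity rather than by PHP's string-juggling rules. The three constants are non-numeric strings, so the loose form happens to be safe today, but this check is the whole XSS fix and should not rest on that property. Consider also whether an unrecognised `action` should be reported (an error page, or at least a log line) rather than silently rewritten to MANAGE_CONFIG_ACTION_CREATE, since the fallback hides both tampering and broken links from the user. The allowlist removes the injectable value, but the place where `$t_edit_action` is written into the page (further down the file, outside this hunk) should still attribute-encode it as defense in depth.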

- +

@@ -605,7 +615,7 @@ function check_config_value( $p_config ) {
+ value=""/>
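Review bot: The expression inside `value=""` has been stripped from this listing, so it cannot be checked here, but whatever is written into this hidden input (presumably `$t_edit_action`) should still pass through `string_attribute()` at the output site even though the value is now allowlisted earlier in the file: encoding at the sink is what keeps the page safe if the allowlist is later relaxed or bypassed. The same applies to `$t_edit_option`, `$t_edit_type` and `$t_edit_value` if they are echoed into this form, since they are read with gpc_get_string and are not validated. The enclosing form markup starts and ends outside the hunk.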
diff --git a/adm_config_set.php b/adm_config_set.php
index 23c894770e..c9e41e97a7 100644
--- a/adm_config_set.php
+++ b/adm_config_set.php
@@ -134,7 +134,7 @@
 }
 }
-if( 'action_edit' === $f_edit_action ){
+if( MANAGE_CONFIG_ACTION_EDIT === $f_edit_action ){
 # EDIT action doesn't keep original if key values are different.
 if ( $f_original_config_option !== $f_config_option || $f_original_user_id !== $f_user_id
diff --git a/admin/install.php b/admin/install.php
index 7aad216fde..4fcec7f5ea 100644
--- a/admin/install.php
+++ b/admin/install.php
@@ -408,17 +408,17 @@ function print_test( $p_test_description, $p_result, $p_hard_fail = true, $p_mes
 $t_result = @$g_db->Connect( $f_hostname, $f_admin_username, $f_admin_password );
 if( $t_result ) {
- # check if db exists for the admin
- $t_result = @$g_db->Connect( $f_hostname, $f_admin_username, $f_admin_password, $f_database_name );
- }
- if( $t_result ) {
- $t_db_open = true;
- $f_db_exists = true;
-
 # due to a bug in ADODB, this call prompts warnings, hence the @
 # the check only works on mysql if the database is open
 $t_version_info = @$g_db->ServerInfo();
+ # check if db exists for the admin
+ $t_result = @$g_db->Connect( $f_hostname, $f_admin_username, $f_admin_password, $f_database_name );
+ if( $t_result ) {
+ $t_db_open = true;
+ $f_db_exists = true;
+ }
+
 print_test_result( GOOD );
 } else {
 print_test_result( BAD, true, 'Does administrative user have access to the database? ( ' . db_error_msg() . ' )' );
diff --git a/core/constant_inc.php b/core/constant_inc.php
index 0c18cb6e06..11b30d861d 100644
--- a/core/constant_inc.php
+++ b/core/constant_inc.php
@@ -685,4 +685,7 @@
 # SLIM FRAMEWORK ATTRIBUTES
 define( 'ATTRIBUTE_FORCE_API_ENABLED', 'force_enable_api' );
-
+# Configuration management actions (adm_config_report.php)
+define( 'MANAGE_CONFIG_ACTION_CREATE', 'create' );
+define( 'MANAGE_CONFIG_ACTION_CLONE', 'clone' );
+define( 'MANAGE_CONFIG_ACTION_EDIT', 'edit' );
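Review bot: `$f_edit_action` is compared against MANAGE_CONFIG_ACTION_EDIT here but is read above the hunk, and nothing visible in this file validates it against the allowlist that adm_config_report.php gains in the same commit; as the form handler, this script should reject an unknown action with an error rather than let anything that is not `edit` fall through to the create/clone path. Duplicating the `$t_valid_actions` array in two files invites drift, so a small helper in the config API that both scripts call would keep them in step. Note that the wire value changed from `action_edit` to `edit`, so a request built against the old page (a stale tab, or a link carrying `?action=action_edit`) now silently takes the non-edit branch; whether such links exist cannot be told from here, but it deserves a line in the release notes. The if/else chain this hunk belongs to starts before and ends after the hunk.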
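Review bot: The context comment `# the check only works on mysql if the database is open` in admin/install.php now describes a `ServerInfo()` call that runs before the named database is opened, so the comment and the reordered code contradict each other; either the version lookup works on a bare server connection (in which case replace the comment with `# a server-level connection is enough for ServerInfo(); the database may not exist yet`) or the MySQL version check has quietly stopped working, and the commit should say which. Separately, the added `Connect( ..., $f_database_name )` is `@`-suppressed and its failure is folded into `$f_db_exists` staying false, so a privilege problem on an existing schema is now reported as GOOD and treated like a fresh install; capturing `db_error_msg()` on that failure and surfacing it as a warning would separate the two cases. The outer if/else is closed after the hunk.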
diff --git a/docbook/Admin_Guide/en-US/Revision_History.xml b/docbook/Admin_Guide/en-US/Revision_History.xml index 57f5d2904a..68bf65bd08 100644 --- a/docbook/Admin_Guide/en-US/Revision_History.xml +++ b/docbook/Admin_Guide/en-US/Revision_History.xml @@ -5,6 +5,34 @@ Revision History + + 2.2-2 + Sun Mar 12 2017 + + Victor + Boctor + vboctor@mantisbt.org + + + + Release 2.2.1 + + + + + 1.3-18 + Sun Mar 12 2017 + + Victor + Boctor + vboctor@mantisbt.org + + + + Release 1.3.7 + + + 2.2-1 Sun Feb 26 2017 diff --git a/docbook/Developers_Guide/en-US/Revision_History.xml b/docbook/Developers_Guide/en-US/Revision_History.xml index 618a287142..f1ea111b3e 100644 --- a/docbook/Developers_Guide/en-US/Revision_History.xml +++ b/docbook/Developers_Guide/en-US/Revision_History.xml @@ -7,6 +7,34 @@ Revision History + + 2.2-2 + Sun Mar 12 2017 + + Victor + Boctor + vboctor@mantisbt.org + + + + Release 2.2.1 + + + + + 1.3-18 + Sun Mar 12 2017 + + Victor + Boctor + vboctor@mantisbt.org + + + + Release 1.3.7 + + + 2.2-1 Sun Feb 26 2017