diff --git a/installer/styles.css b/installer/styles.css
index 339b6b583..70e3e1109 100644
--- a/installer/styles.css
+++ b/installer/styles.css
@@ -224,8 +224,8 @@ a.removelink {
 p.warning,
 div.warning {
     padding: 1em;
-    background-color: #ef9398;
-    border: 2px solid #dc5757;
+    background-color: #ffff66;
+    border: 1px solid #ffc300;
 }
 
 h3.warning {
diff --git a/program/include/rcmail_install.php b/program/include/rcmail_install.php
index cd7782514..1fee0afab 100644
--- a/program/include/rcmail_install.php
+++ b/program/include/rcmail_install.php
@@ -1031,6 +1031,21 @@ class rcmail_install
         $this->last_error = $p;
     }
 
+    /**
+     * Content of the logon warning about enabled installer
+     */
+    public static function logonWarning()
+    {
+        return html::div(
+            ['id' => 'login-addon', 'style' => 'background:#ffff66; border:1px solid #ffc300; padding:0.5em; margin:2em auto; width:50em'], '

The Installer is still accessible

'
+            . '

The install script of your Roundcube installation is still available to everyone!

'
+            . '

Please remove the public_html/installer.php file from the Roundcube directory because'
+            . ' it may expose sensitive configuration data like server passwords and encryption keys'
+            . ' to the public. Make sure you cannot access the script from your browser.

'
+        );
+    }
+
     /**
      * Check if vendor/autoload.php was created by Roundcube and left untouched
      *
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index 5613c6f40..857b67b4e 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -1084,7 +1084,10 @@ class rcmail_output_html extends rcmail_output
             $prefix = str_repeat('../', count($path) + 1);
         }
 
-        if (!str_starts_with($location, $prefix . 'static.php') && !str_starts_with($location, 'data:')) {
+        if (!str_starts_with($location, $prefix . 'static.php')
+            && !str_starts_with($location, 'data:')
+            && !str_ends_with($location, '.php')
+        ) {
             $location = $prefix . 'static.php/' . $location;
         }
     }
diff --git a/public_html/index.php b/public_html/index.php
index e30623c50..f8a0c4973 100644
--- a/public_html/index.php
+++ b/public_html/index.php
@@ -229,15 +229,9 @@ if (empty($RCMAIL->user->ID)) {
         $RCMAIL->output->send('iframe');
     }
 
-    // check if installer is still active
+    // Display a warning if installer is active
     if ($RCMAIL->config->get('enable_installer') && is_readable(__DIR__ . '/installer.php')) {
-        $RCMAIL->output->add_footer(html::div(['id' => 'login-addon', 'style' => 'background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em'],
-            html::tag('h2', ['style' => 'margin-top:0.2em'], 'The Installer is still accessible')
-            . html::p(null, 'The install script of your Roundcube installation is still available to everyone!')
-            . html::p(null, 'Please remove the public_html/installer.php file from the Roundcube directory because
-                it may expose sensitive configuration data like server passwords and encryption keys
-                to the public. Make sure you cannot access the script from your browser.')
-        ));
+        $RCMAIL->output->add_footer(rcmail_install::logonWarning());
     }
 
     $plugin = $RCMAIL->plugins->exec_hook('unauthenticated', [
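Review bot: The new `logonWarning()` method declares no return type even though the rest of this commit relies on PHP 8 string functions, so a native type is available; given that its result is passed straight to `add_footer()` in the index.php hunk, declare it as `public static function logonWarning(): string` (assuming `html::div()` returns a string, which is not visible here). The inline `background:#ffff66; border:1px solid #ffc300` values duplicate the `p.warning, div.warning` rule changed in `installer/styles.css` by this same commit, so add a comment on the `'style' =>` line such as `// Keep colours in sync with p.warning/div.warning in installer/styles.css` or, better, reference a shared class. The docblock could also say what the method returns and when callers are expected to show it, e.g. `Returns the HTML markup of the logon-page warning shown while the installer is enabled.` The markup string literals in the middle of this hunk are garbled in this view, so their content was not reviewed.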
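Review bot: The added `!str_ends_with($location, '.php')` exclusion is an exact suffix test, so a reference carrying a query string or fragment (for example `script.php?v=2`) still receives the `static.php/` prefix while the bare `script.php` does not, and the line has no comment explaining why PHP scripts must bypass `static.php`. If the intent is that every PHP endpoint is requested directly, test the path component instead, `&& !str_ends_with(parse_url($location, PHP_URL_PATH) ?: $location, '.php')`, and add a why-comment above the condition such as `// static.php only serves static assets; PHP scripts are requested directly`. The enclosing method begins and ends outside this hunk, so other uses of `$location` were not checked.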