use htmlspecialchars() for title
authorgarvinhicking <garvinhicking>
Thu, 30 Mar 2006 10:34:02 +0000 (10:34 +0000)
committergarvinhicking <garvinhicking>
Thu, 30 Mar 2006 10:34:02 +0000 (10:34 +0000)
index.php

index 62075ff25c32ff49314cec614acaf5a774dedf91..92a1af7bd46b89c9b780f74cdcd9b63a80645985 100644 (file)
--- a/index.php
+++ b/index.php
@@ -250,8 +250,8 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range
 
     $title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries WHERE id=$id AND isdraft = 'false' " . (!serendipity_db_bool($serendipity['showFutureEntries']) ? " AND timestamp <= " . time() : ''), true);
     if (is_array($title)) {
-        $serendipity['head_title']    = $title[0];
-        $serendipity['head_subtitle'] = $serendipity['blogTitle'];
+        $serendipity['head_title']    = htmlspecialchars($title[0]);
+        $serendipity['head_subtitle'] = htmlspecialchars($serendipity['blogTitle']);
     }
 
     ob_start();
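Review bot: Both added `htmlspecialchars()` calls rely on PHP's default flags and charset, so single quotes in an entry or blog title stay unescaped and the input is not decoded with the blog's own encoding. If `head_title` or `head_subtitle` is ever emitted inside a single-quoted attribute, that gap matters; passing the arguments explicitly closes it, e.g. `htmlspecialchars($title[0], ENT_QUOTES, $charset)` where `$charset` stands for the blog's configured encoding. Escaping at assignment also means every other place that sets these two keys has to escape the same way, and templates must not escape them again; neither is visible from this hunk. Separately, the unchanged query above interpolates `$id` directly into the SQL string, and since the enclosing `if` block starts outside the hunk, it is worth confirming that `$id` is cast to an integer before it gets here.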