use htmlspecialchars()
authorgarvinhicking <garvinhicking>
Thu, 30 Mar 2006 10:37:43 +0000 (10:37 +0000)
committergarvinhicking <garvinhicking>
Thu, 30 Mar 2006 10:37:43 +0000 (10:37 +0000)
include/admin/entries.inc.php

index 18ae23748953ec7696f4fc514266c0684fde5cac..c7fe843e373e82472dc9e439b83d959accbdb0ec 100644 (file)
@@ -231,7 +231,7 @@ function serendipity_drawList() {
                 <table width="100%" cellspacing="0" cellpadding="3">
                     <tr>
                         <td>
-                            <strong><?php echo $entry_pre; ?><a href="?serendipity[action]=admin&amp;serendipity[adminModule]=entries&amp;serendipity[adminAction]=edit&amp;serendipity[id]=<?php echo $entry['id']; ?>" title="#<?php echo $entry['id']; ?>"><?php echo serendipity_truncateString($entry['title'],50) ?></a></strong>
+                            <strong><?php echo $entry_pre; ?><a href="?serendipity[action]=admin&amp;serendipity[adminModule]=entries&amp;serendipity[adminAction]=edit&amp;serendipity[id]=<?php echo $entry['id']; ?>" title="#<?php echo $entry['id']; ?>"><?php echo serendipity_truncateString(htmlspecialchars($entry['title']),50) ?></a></strong>
                         </td>
                         <td align="right">
                             <?php echo serendipity_formatTime(DATE_FORMAT_SHORT, $entry['timestamp']) . ' ' .$lm; ?>
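Review bot: On the changed `<strong>` line the title is escaped before it is truncated, so `serendipity_truncateString()` counts entity characters against the 50-character limit and can cut through an entity such as `&amp;`, leaving a broken fragment at the end of the link text. The escaping still neutralises markup in the title, so this is a display defect rather than an injection gap. Assuming the helper returns plain text (its body is not visible here), truncating first and escaping last avoids it: `<?php echo htmlspecialchars(serendipity_truncateString($entry['title'], 50)) ?>`. `$entry_pre` on the same line is still echoed without escaping, so it is worth confirming that it only ever holds trusted markup; it is built elsewhere in `serendipity_drawList()`, which starts and ends outside this hunk.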