use htmlspecialchars for title

diff --git a/index.php b/index.php
index 9e9677db8dda025df197029e0c2ce74fec986d21..b6c04b178bffb0e3ac503bd61e4223912701c3fc 100644 (file)
--- a/index.php
+++ b/index.php
@@ -250,8 +250,8 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range
 
     $title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries WHERE id=$id AND isdraft = 'false' " . (!serendipity_db_bool($serendipity['showFutureEntries']) ? " AND timestamp <= " . time() : ''), true);
     if (is_array($title)) {
-        $serendipity['head_title']    = $title[0];
-        $serendipity['head_subtitle'] = $serendipity['blogTitle'];
+        $serendipity['head_title']    = htmlspecialchars($title[0]);
+        $serendipity['head_subtitle'] = htmlspecialchars($serendipity['blogTitle']);
     }
 
     ob_start();