From: garvinhicking <garvinhicking>
Date: Thu, 30 Mar 2006 10:34:08 +0000 (+0000)
Subject: use htmlspecialchars for title
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=cd591931b7bd093f2dbfff68a6fcd73bcb829f01;p=s9y.git

use htmlspecialchars for title
---

diff --git a/index.php b/index.php
index 9e9677d..b6c04b1 100644
--- a/index.php
+++ b/index.php
@@ -250,8 +250,8 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range
 
     $title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries WHERE id=$id AND isdraft = 'false' " . (!serendipity_db_bool($serendipity['showFutureEntries']) ? " AND timestamp <= " . time() : ''), true);
     if (is_array($title)) {
-        $serendipity['head_title']    = $title[0];
-        $serendipity['head_subtitle'] = $serendipity['blogTitle'];
+        $serendipity['head_title']    = htmlspecialchars($title[0]);
+        $serendipity['head_subtitle'] = htmlspecialchars($serendipity['blogTitle']);
     }
 
     ob_start();