From 4147d89dee4e6e51d36ee8207b61d2d6450e0afc Mon Sep 17 00:00:00 2001
From: garvinhicking
Date: Thu, 30 Mar 2006 10:34:02 +0000
Subject: [PATCH] use htmlspoecialchars() for title
---
 index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/index.php b/index.php
index 62075ff..92a1af7 100644
--- a/index.php
+++ b/index.php
@@ -250,8 +250,8 @@ if (preg_match(PAT_ARCHIVES, $uri, $matches) || isset($serendipity['GET']['range
 $title = serendipity_db_query("SELECT title FROM {$serendipity['dbPrefix']}entries WHERE id=$id AND isdraft = 'false' " . (!serendipity_db_bool($serendipity['showFutureEntries']) ? " AND timestamp <= " . time() : ''), true);
 if (is_array($title)) {
- $serendipity['head_title'] = $title[0];
- $serendipity['head_subtitle'] = $serendipity['blogTitle'];
+ $serendipity['head_title'] = htmlspecialchars($title[0]);
+ $serendipity['head_subtitle'] = htmlspecialchars($serendipity['blogTitle']);
 }
 ob_start();
--
2.39.5
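Review bot: Both new `htmlspecialchars()` calls rely on the default flags and charset, so single quotes in an entry title or blog title may pass through unescaped and the result depends on the PHP version's default encoding; passing them explicitly, e.g. `htmlspecialchars($title[0], ENT_QUOTES, $charset)` with `$charset` standing for the blog's configured charset, keeps the value safe even if a template places it inside a single-quoted attribute. Escaping at assignment also means every later consumer of `$serendipity['head_title']` and `$serendipity['head_subtitle']` receives HTML-encoded text, so a template that escapes on output would double-encode it; a comment such as `// escaped here; templates must print head_title/head_subtitle verbatim` would record that contract. Any other code that sets these two keys lies outside this hunk and may need the same treatment. Separately, the context line interpolates `id=$id` into the query string; `$id` is assigned above the hunk, so it is worth confirming that it is cast to an integer before it reaches `serendipity_db_query()`.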