Fix bug: Subtitle was not escaped

diff --git a/data/templates/default/top.inc.php b/data/templates/default/top.inc.php
index 17ec982983a98e56e974a27180bf726572637d54..f2adba4b647d3be7a3575c0396314c951ed4aa3e 100644 (file)
--- a/data/templates/default/top.inc.php
+++ b/data/templates/default/top.inc.php
@@ -49,7 +49,7 @@ if(!isset($_GET['popup'])) {
 
 <?php
 if (isset($subtitle)) {
-       echo '<h2>'. $subtitle ."</h2>\n";
+       echo '<h2>'. htmlspecialchars($subtitle) ."</h2>\n";
 }
 if(DEBUG_MODE) {
        echo '<p class="error">'. T_('Admins, your installation is in "Debug Mode" ($debugMode = true). To go in "Normal Mode" and hide debugging messages, change $debugMode to false into config.php.') ."</p>\n";

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 1c5f36f0d4d13b7587a15efa6df7237efddd336a..05a64051d52453443d78ed9128fe4e1b1dba55af 100644 (file)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -6,6 +6,7 @@ ChangeLog for SemantiScuttle
 0.98.4 - 2011-XX-XX
 -------------------
 - Fix bug: URLs were escaped too often in bookmark list
+- Fix bug: Subtitle was not escaped
 
 
 0.98.3 - 2011-08-09