escape the installation name; html code was broken when one had quotes in the name

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@750 b3834d28-1941-0410-a4f8-b48e95affb8f

1 files changed, 6 insertions, 3 deletions

diff --git a/data/templates/top.inc.php b/data/templates/top.inc.php
index 830da65..b1ffa14 100644
--- a/data/templates/top.inc.php
+++ b/data/templates/top.inc.php
@@ -5,15 +5,18 @@
   <title><?php echo filter($GLOBALS['sitename'] .(isset($pagetitle) ? ' » ' . $pagetitle : '')); ?></title>
   <link rel="icon" type="image/png" href="<?php echo ROOT ?>icon.png" />
   <link rel="stylesheet" type="text/css" href="<?php echo ROOT ?>scuttle.css" />
-  <link rel="search" type="application/opensearchdescription+xml" href="<?php echo ROOT ?>api/opensearch.php" title="<?php echo $GLOBALS['sitename'] ?>"/>
+  <link rel="search" type="application/opensearchdescription+xml" href="<?php echo ROOT ?>api/opensearch.php" title="<?php echo htmlspecialchars($GLOBALS['sitename']) ?>"/>
 <?php
-if(isset($rsschannels)) {
+if (isset($rsschannels)) {
 	$size = count($rsschannels);
 	for ($i = 0; $i < $size; $i++) {
-		echo '  <link rel="alternate" type="application/rss+xml" title="'. $rsschannels[$i][0] .'" href="'. $rsschannels[$i][1] .'" />';
+		echo '  <link rel="alternate" type="application/rss+xml" title="'
+            . htmlspecialchars($rsschannels[$i][0]) . '"'
+            . ' href="'. $rsschannels[$i][1] .'" />';
 	}
 }
 ?>
+
   <link rel="stylesheet" type="text/css"
 	href="http://ajax.googleapis.com/ajax/libs/dojo/1.2/dijit/themes/nihilo/nihilo.css" />