prevent xss
authorBjörn Schießle <schiessle@owncloud.com>
Tue, 29 Jan 2013 21:32:59 +0000 (22:32 +0100)
committerBjörn Schießle <schiessle@owncloud.com>
Tue, 29 Jan 2013 21:32:59 +0000 (22:32 +0100)
core/templates/layout.user.php

index fb63200123eb39908b4dda63ad573098c76605a9..3337449a6c01d1f32d9195275f2d3eedada5b8d2 100644 (file)
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
        <head>
-               <title><?php echo isset($_['application']) && !empty($_['application'])?$_['application'].' | ':'' ?>ownCloud <?php echo OC_User::getDisplayName()?' ('.OC_User::getDisplayName().') ':'' ?></title>
+               <title><?php echo isset($_['application']) && !empty($_['application'])?$_['application'].' | ':'' ?>ownCloud <?php echo OC_User::getDisplayName()?' ('.OC_Util::sanitizeHTML(OC_User::getDisplayName()).') ':'' ?></title>
                <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
                <link rel="shortcut icon" href="<?php echo image_path('', 'favicon.png'); ?>" /><link rel="apple-touch-icon-precomposed" href="<?php echo image_path('', 'favicon-touch.png'); ?>" />
                <?php foreach($_['cssfiles'] as $cssfile): ?>
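Review bot: In the `<title>` line, `$_['application']` is still echoed without escaping at the output site, while only the display name is wrapped in `OC_Util::sanitizeHTML()`. Whether the template layer already escapes assigned variables is not visible in this hunk; confirm that, and if it does not, apply the same wrapper there as `OC_Util::sanitizeHTML($_['application']).' | '` (if it does, adding the wrapper would double-encode). `OC_User::getDisplayName()` is also called twice, once for the truthiness test and once for output; reading it once into a local and escaping that value keeps the check and the output tied to the same string. The rest of the template lies outside the hunk, so any other place that prints the display name needs the same escaping and is worth checking.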