BUGFIX: Removed XSS holes (from r94821)

code/GroupSubsites.php

@@ -99,10 +99,10 @@ class GroupSubsites extends DataObjectDecorator implements PermissionProvider {
 	 */
 	function alternateTreeTitle() {
 		if($this->owner->AccessAllSubsites) {
-			return $this->owner->Title . ' <i>(global group)</i>';
+			return htmlspecialchars($this->owner->Title, ENT_QUOTES) . ' <i>(global group)</i>';
 		} else {
 			$subsites = Convert::raw2xml(implode(", ", $this->owner->Subsites()->column('Title')));
-			return $this->owner->Title . " <i>($subsites)</i>";
+			return htmlspecialchars($this->owner->Title) . " <i>($subsites)</i>";
 		}
 	}
 

code/LeftAndMainSubsites.php

@@ -20,7 +20,7 @@ class LeftAndMainSubsites extends Extension {
 	 */
 	function getCMSTreeTitle() {
 		$subsite = Subsite::currentSubSite();
-		return $subsite ? $subsite->Title : null;
+		return $subsite ? htmlspecialchars($subsite->Title, ENT_QUOTES) : 'Site Content';
 	}
 	
 	function updatePageOptions(&$fields) {
@@ -99,7 +99,7 @@ class LeftAndMainSubsites extends Extension {
 			foreach($list as $subsite) {
 				$selected = $subsite->ID == $currentSubsiteID ? ' selected="selected"' : '';
 		
-				$output .= "\n<option value=\"{$subsite->ID}\"$selected>{$subsite->Title}</option>";
+				$output .= "\n<option value=\"{$subsite->ID}\"$selected>".htmlspecialchars($subsite->Title, ENT_QUOTES)."</option>";
 			}
 		
 			$output .= '</select>';