1 files changed, 2 insertions, 2 deletions

diff --git a/functions.php b/functions.php
index 73ef85774..0c1a959a7 100644
--- a/functions.php
+++ b/functions.php
@@ -1601,7 +1601,7 @@
 				$is_selected = "";
 			}
 			printf("<option $is_selected value='%d'>%s</option>", 
-				$line["id"], db_unescape_string($line["title"]));
+				$line["id"], htmlspecialchars(db_unescape_string($line["title"])));
 		}
 	
 		print "</select>";
@@ -1630,7 +1630,7 @@
 				$is_selected = "";
 			}
 			printf("<option $is_selected value='%d'>%s</option>", 
-				$line["id"], $line["title"]);
+				$line["id"], htmlspecialchars(db_unescape_string($line["title"])));
 		}
 
 		print "</select>";