Fix missing escaping (possible XSS) of category names in the Backend

Entry Admin, which would allow editors that create a forged
category name to attack other editors in the backend (privileged
access to the backend required).
Thanks a lot to Edric Teo for reporting this issue.

docs/NEWS

@@ -39,6 +39,12 @@ Version 2.1 ()
 Version 2.0.1 ()
 ------------------------------------------------------------------------
 
+   * Fix missing escaping (possible XSS) of category names in the Backend 
+     Entry Admin, which would allow editors that create a forged
+     category name to attack other editors in the backend (privileged
+     access to the backend required).
+     Thanks a lot to Edric Teo for reporting this issue.
+     
    * Improved detection for possible upgrade/plugin/PHP errors. A
      warning will be emitted on the dashboard, when the Serendipity
      JavaScript-library could not be loaded.

templates/2k11/admin/entries.tpl

@@ -141,7 +141,7 @@
                         <span class="cat_view_pad">{$entry_cat.depth_pad}</span>
                         <input id="serendipity_category_{$entry_cat.categoryid}" name="serendipity[categories][]" type="checkbox" value="{$entry_cat.categoryid}"{if $entry_cat.is_selected} checked="checked"{/if}>
 
-                        <label for="serendipity_category_{$entry_cat.categoryid}">{$entry_cat.category_name}</label>
+                        <label for="serendipity_category_{$entry_cat.categoryid}">{$entry_cat.category_name|escape}</label>
                     </div>
                 {/foreach}
                 </fieldset>