add missing string escapes

don't create <a> tag if LeftLogoLink is empty

libraries/header_scripts.inc.php

@@ -82,7 +82,7 @@ foreach ($GLOBALS['js_include'] as $js_script_file) {
 // Updates the title of the frameset if possible (ns4 does not allow this)
 if (typeof(parent.document) != 'undefined' && typeof(parent.document) != 'unknown'
     && typeof(parent.document.title) == 'string') {
-    parent.document.title = '<?php echo PMA_sanitize(PMA_escapeJsString($title)); ?>';
+    parent.document.title = '<?php echo PMA_sanitize(PMA_escapeJsString(htmlspecialchars($title))); ?>';
 }
 
 <?php

libraries/navigation_header.inc.php

@@ -30,22 +30,26 @@ if ($GLOBALS['cfg']['LeftDisplayLogo']) {
             .'alt="' . $logo . '" id="imgpmalogo" />';
     }
 
-    echo '<div id="pmalogo">' . "\n"
-        .'<a href="' . $GLOBALS['cfg']['LeftLogoLink'];
+    echo '<div id="pmalogo">' . "\n";
+    if ($GLOBALS['cfg']['LeftLogoLink']) {
+        echo '<a href="' . htmlspecialchars($GLOBALS['cfg']['LeftLogoLink']);
         switch ($GLOBALS['cfg']['LeftLogoLinkWindow']) {
             case 'new':
                 echo '" target="_blank"';
                 break;
             case 'main':
                 // do not add our parameters for an external link
-            if (substr(strtolower($GLOBALS['cfg']['LeftLogoLink']), 0, 4) !== 'http') {
+                if (substr(strtolower($GLOBALS['cfg']['LeftLogoLink']), 0, 4) !== '://') {
                     echo '?' . $query_url . '" target="frame_content"';
                 } else {
-                echo '"';
+                    echo '" target="_blank"';
                 }
         }
-    echo '>' . $logo . '</a>' . "\n"
-        .'</div>' . "\n";
+        echo '>' . $logo . '</a>' . "\n";
+    } else {
+        echo $logo . "\n";
+    }
+    echo '</div>' . "\n";
 } // end of display logo
 ?>
 <div id="leftframelinks">