added better sanitization to articles layout

bskahan · Sep 28, 2009 · 6861c02 · 6861c02
1 parent c49f9df
commit 6861c02
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/views/modules/articles/articles.ctp b/views/modules/articles/articles.ctp
@@ -7,9 +7,9 @@
 	$count = 0;
 	$dates = array(); 
 	foreach ($articless as $row) {
-		$articleTitle = $row['Datarow']['title'];
-		$articleUrl = substr($row["Datarow"]["articleId"], strrpos($row["Datarow"]["articleId"], "http://") , 300);
-		$articleDescription = $row['Datarow']['content'];
+		$articleTitle = str_replace(array('>','<'),array('&gt;','&lt;'),strip_tags($row['Datarow']['title']));
+		$articleUrl = substr(htmlentities($row["Datarow"]["articleId"]), strrpos($row["Datarow"]["articleId"], "http://") , 300);
+		$articleDescription = str_replace(array('>','<'),array('&gt;','&lt;'),strip_tags($row['Datarow']['content']));
 		$articledate = date('M d, Y', strtotime($row['Datarow']['published']));
 		$author = $row['Datarow']['author'];
 		$id = $row['Datarow']['id'];