From 6861c02857c8d9a2b4328ab6986229ef888578c1 Mon Sep 17 00:00:00 2001
From: Blake Walters
Date: Mon, 28 Sep 2009 15:52:15 -0600
Subject: [PATCH] added better sanitization to articles layout
---
 views/modules/articles/articles.ctp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/views/modules/articles/articles.ctp b/views/modules/articles/articles.ctp
index 85b973d..4cd6c89 100644
--- a/views/modules/articles/articles.ctp
+++ b/views/modules/articles/articles.ctp
@@ -7,9 +7,9 @@
 $count = 0;
 $dates = array();
 foreach ($articless as $row) {
- $articleTitle = $row['Datarow']['title'];
- $articleUrl = substr($row["Datarow"]["articleId"], strrpos($row["Datarow"]["articleId"], "http://") , 300);
- $articleDescription = $row['Datarow']['content'];
+ $articleTitle = str_replace(array('>','<'),array('>','<'),strip_tags($row['Datarow']['title']));
+ $articleUrl = substr(htmlentities($row["Datarow"]["articleId"]), strrpos($row["Datarow"]["articleId"], "http://") , 300);
+ $articleDescription = str_replace(array('>','<'),array('>','<'),strip_tags($row['Datarow']['content']));
 $articledate = date('M d, Y', strtotime($row['Datarow']['published']));
 $author = $row['Datarow']['author'];
 $id = $row['Datarow']['id'];
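Review bot: The new `$articleUrl` line computes the `strrpos` offset on the raw `articleId` but applies `substr` to the `htmlentities()`-encoded copy, so any character that encoding expands before the `http://` position (an `&` becomes `&amp;`, for example) shifts the offset and the wrong slice is displayed; encode after slicing instead, e.g. `$articleId = $row['Datarow']['articleId'];` then `$articleUrl = htmlspecialchars(substr($articleId, strrpos($articleId, 'http://'), 300), ENT_QUOTES, 'UTF-8');`, and note that when `http://` is absent `strrpos` returns `false`, which `substr` coerces to offset 0 so the whole value passes through. On the title and description lines, `str_replace(array('>','<'), array('>','<'), ...)` as it appears here maps each character to itself and is a no-op; if the intended replacements were entity references that this rendering has decoded, the combination with `strip_tags()` still leaves quotes and ampersands unencoded, so `htmlspecialchars($row['Datarow']['title'], ENT_QUOTES, 'UTF-8')` is the more reliable escaping primitive for an HTML context. `$author` on the last context line remains unescaped and is presumably echoed by the same template. The enclosing foreach body continues outside the hunk.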