authorCash Costello <cash.costello@gmail.com>2013-03-05 07:34:18 -0500
committerCash Costello <cash.costello@gmail.com>2013-03-05 07:34:18 -0500
commit597c0a4e519e14ba42c77b518a44789e3a8067b0 (patch)
tree4c21e494088299fbe83106017cf2300d81a67046
parentd149c0038d335133ed1628c105328b1e7a6681ea (diff)
Fixes #5165: handle HTML tags passed as tags
-rw-r--r--engine/lib/metadata.php2
-rw-r--r--views/default/output/tag.php1
-rw-r--r--views/default/output/tagcloud.php2
-rw-r--r--views/default/output/tags.php1
4 files changed, 5 insertions, 1 deletions
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 2fa491963..35b7b4dfb 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -774,10 +774,10 @@ function string_to_tag_array($string) {
$ar = explode(",", $string);
$ar = array_map('trim', $ar);
$ar = array_filter($ar, 'is_not_null');
+ $ar = array_map('strip_tags', $ar);
return $ar;
}
return false;
-
}
/**
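Review bot: The strip_tags() step added at L27 runs after trim() and the is_not_null filter, so a value such as `<b>` collapses to an empty string and `<b> foo` keeps its leading space, and neither is re-trimmed or re-filtered before being returned as a tag. Moving the strip step to the front keeps the pipeline's own cleanup effective: `$ar = array_map('strip_tags', $ar);` first, then `$ar = array_map('trim', $ar);` and `$ar = array_filter($ar, 'is_not_null');`. strip_tags() is a storage-side cleanup rather than an HTML escaper (it also discards text between a stray `<` and a later `>`), so the output-side htmlspecialchars() calls in the view changes remain the actual injection control and should not be considered redundant with this line. The opening lines of string_to_tag_array() are outside the hunk.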
diff --git a/views/default/output/tag.php b/views/default/output/tag.php
index 3c002a31b..3e1f1c320 100644
--- a/views/default/output/tag.php
+++ b/views/default/output/tag.php
@@ -20,6 +20,7 @@ if (!empty($vars['object'])) {
}
if (isset($vars['value'])) {
+ $vars['value'] = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);
if (!empty($vars['type'])) {
$type = "&type={$vars['type']}";
} else {
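Review bot: The escaped value at L41 is written back into `$vars['value']`, which, if the rest of this view (outside the hunk) still urlencodes it into the tag search link, means a tag containing `&`, `"` or `<` is searched for in its entity-encoded form and no longer matches the stored tag. Escaping belongs only at the point where HTML is emitted: keep `$vars['value']` raw and compute `$text = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);` for the link text, leaving the raw value for the URL. The same write-back pattern appears in the tagcloud.php hunk (`$tag->tag = ...`) and the tags.php hunk (`$tag = ...`). Passing `false` for double_encode makes repeated escaping idempotent, but it also means a tag whose text literally contains `&amp;` is rendered as `&`, so it is a trade-off worth a one-line comment. The enclosing `if (isset($vars['value']))` block continues past the end of the hunk.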
diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php
index a212becd8..2fbf1cd0a 100644
--- a/views/default/output/tagcloud.php
+++ b/views/default/output/tagcloud.php
@@ -39,6 +39,8 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) {
$cloud = '';
foreach ($vars['tagcloud'] as $tag) {
+ $tag->tag = htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8', false);
+
if ($cloud != '') {
$cloud .= ', ';
}
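Review bot: Line L52 assigns the escaped string back to `$tag->tag`, and because `$tag` is an object the mutation is visible to the caller's `$vars['tagcloud']` array and to anything else that reads those objects after the view runs, not just to this loop. A local such as `$text = htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8', false);` used where the tag is emitted into the cloud markup would confine the escaping to this view; I cannot see from the hunk whether the remainder of the loop body also feeds `$tag->tag` into a URL, which would be a second reason to keep the property raw. The foreach body continues outside the hunk.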
diff --git a/views/default/output/tags.php b/views/default/output/tags.php
index 3082dd41e..41fd5f168 100644
--- a/views/default/output/tags.php
+++ b/views/default/output/tags.php
@@ -55,6 +55,7 @@ if (!empty($vars['tags'])) {
$list_items = '<li>' . elgg_view_icon('tag', $icon_class) . '</li>';
foreach($vars['tags'] as $tag) {
+ $tag = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8', false);
if (!empty($vars['type'])) {
$type = "&type={$vars['type']}";
} else {