-rw-r--r--actions/admin/site/update_basic.php2
-rw-r--r--actions/friends/collections/add.php2
-rw-r--r--engine/lib/cache.php1
-rw-r--r--engine/lib/elgglib.php9
-rw-r--r--install/ElggInstaller.php2
-rw-r--r--mod/search/search_hooks.php19
-rw-r--r--views/default/output/access.php2
7 files changed, 28 insertions, 9 deletions
diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php
index 97d258b65..9765182cc 100644
--- a/actions/admin/site/update_basic.php
+++ b/actions/admin/site/update_basic.php
@@ -16,7 +16,7 @@ if ($site = elgg_get_site_entity()) {
}
$site->description = get_input('sitedescription');
- $site->name = get_input('sitename');
+ $site->name = strip_tags(get_input('sitename'));
$site->email = get_input('siteemail');
$site->save();
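Review bot: `strip_tags()` on the new `$site->name` line removes markup but does not encode `<`, `>`, `&` or quotes, so a site name such as `a < b` or `Tom & Jerry` is stored raw and still has to be escaped wherever it is rendered; this is sanitisation at storage time, and the view that prints the name remains the place that has to encode it for its context. The same pattern is applied in install/ElggInstaller.php in this commit, while `$site->description` and `$site->email` on the adjacent lines get no equivalent treatment, so the three fields are handled unevenly. A one-line comment would record the intent, e.g. `// markup is never meaningful in a site name; the view still escapes on output`. The `if ($site = elgg_get_site_entity())` block this belongs to starts outside the hunk.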
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 9dc17b37e..e63a149f7 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -6,7 +6,7 @@
* @subpackage Friends.Collections
*/
-$collection_name = get_input('collection_name');
+$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
$friends = get_input('friends_collection');
if (!$collection_name) {
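Review bot: Encoding the collection name with `htmlspecialchars()` at input time stores HTML entities in the database, so a name containing `&` is persisted as `&amp;` and any consumer that escapes on output, or emits plain text or JSON, shows double-encoded or literal entities; the companion switch to `double_encode=false` in views/default/output/access.php in this commit is what compensates, and that coupling between storage format and an output flag is easy to break from either side. The third argument `false` also appears to turn off `get_input()`'s default filtering, so the stored value is whatever the client sent, minus the entity encoding. Storing the filtered raw value, `$collection_name = get_input('collection_name');`, and escaping in the view that renders it keeps encoding in one place. The `if (!$collection_name)` check on the following line also rejects the name `'0'`, which predates this change but is worth noting while the line is being touched.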
diff --git a/engine/lib/cache.php b/engine/lib/cache.php
index 59359124e..3116c1a9b 100644
--- a/engine/lib/cache.php
+++ b/engine/lib/cache.php
@@ -208,6 +208,7 @@ function elgg_get_simplecache_url($type, $view) {
global $CONFIG;
$lastcache = (int)$CONFIG->lastcache;
$viewtype = elgg_get_viewtype();
+ elgg_register_simplecache_view("$type/$view");// see #5302
if (elgg_is_simplecache_enabled()) {
$url = elgg_get_site_url() . "cache/$type/$viewtype/$view.$lastcache.$type";
} else {
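Review bot: The added `elgg_register_simplecache_view("$type/$view")` makes a function named `elgg_get_simplecache_url` mutate registration state on every call, and the trailing `// see #5302` is glued to the statement and tells a reader nothing without the tracker. A why-comment on its own line would help, e.g. `// Register the view here so that a URL handed out for it is served from the simple cache even if no caller registered it explicitly (#5302)` — that is my reading of the intent and should be confirmed against the referenced issue. The function continues past the end of the hunk.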
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index a49b620ac..fb652a141 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -93,10 +93,17 @@ function elgg_register_library($name, $location) {
* @return void
* @throws InvalidParameterException
* @since 1.8.0
+ * @todo return boolean in 1.9 to indicate whether the library has been loaded
*/
function elgg_load_library($name) {
global $CONFIG;
+ static $loaded_libraries = array();
+
+ if (in_array($name, $loaded_libraries)) {
+ return;
+ }
+
if (!isset($CONFIG->libraries)) {
$CONFIG->libraries = array();
}
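Review bot: The new `in_array($name, $loaded_libraries)` guard uses loose comparison, so numeric-looking library names can compare equal (`'1e3' == '1000'`), and it is a linear scan on every call. A keyed set is both strict and O(1): `if (isset($loaded_libraries[$name])) { return; }` here and `$loaded_libraries[$name] = true;` where the name is recorded in the second hunk of this file. The static also means a second call for the same name is a silent no-op regardless of what is registered for it at that point — presumably intended given the `@todo` about returning a boolean, but a comment on the static, e.g. `// names already loaded by this request; a repeat call is a no-op`, would make that explicit. The middle of `elgg_load_library`, including whatever performs the load, lies between the two hunks and is not visible.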
@@ -113,6 +120,8 @@ function elgg_load_library($name) {
);
throw new InvalidParameterException($error);
}
+
+ $loaded_libraries[] = $name;
}
/**
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 93716f7cd..78cdde90f 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -1414,7 +1414,7 @@ class ElggInstaller {
$submissionVars['wwwroot'] = sanitise_filepath($submissionVars['wwwroot']);
$site = new ElggSite();
- $site->name = $submissionVars['sitename'];
+ $site->name = strip_tags($submissionVars['sitename']);
$site->url = $submissionVars['wwwroot'];
$site->access_id = ACCESS_PUBLIC;
$site->email = $submissionVars['siteemail'];
diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php
index 47351fb8a..92c6d700a 100644
--- a/mod/search/search_hooks.php
+++ b/mod/search/search_hooks.php
@@ -178,11 +178,20 @@ function search_users_hook($hook, $type, $value, $params) {
$entity->setVolatileData('search_matched_title', $title);
$matched = '';
- foreach ($profile_fields as $md) {
- $text = $entity->$md;
- if (stristr($text, $query)) {
- $matched .= elgg_echo("profile:{$md}") . ': '
- . search_get_highlighted_relevant_substrings($text, $query);
+ foreach ($profile_fields as $md_name) {
+ $metadata = $entity->$md_name;
+ if (is_array($metadata)) {
+ foreach ($metadata as $text) {
+ if (stristr($text, $query)) {
+ $matched .= elgg_echo("profile:{$md_name}") . ': '
+ . search_get_highlighted_relevant_substrings($text, $query);
+ }
+ }
+ } else {
+ if (stristr($metadata, $query)) {
+ $matched .= elgg_echo("profile:{$md_name}") . ': '
+ . search_get_highlighted_relevant_substrings($metadata, $query);
+ }
}
}
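Review bot: The two branches of the new `is_array($metadata)` test are identical apart from what they iterate, which duplicates the `elgg_echo(...)` / `search_get_highlighted_relevant_substrings(...)` lines and lets the two copies drift. Casting the value with `(array)` collapses them into one loop, and it also turns a `null` metadata value into an empty iteration instead of handing `null` to `stristr()` — this assumes `$entity->$md_name` yields a scalar or an array of scalars, as the existing branches already assume, and should be confirmed. `search_users_hook` begins and ends outside the hunk.
```php
foreach ($profile_fields as $md_name) {
    // a profile field may hold one value or a list of values; treat both as a list
    foreach ((array) $entity->$md_name as $text) {
        if (stristr($text, $query)) {
            $matched .= elgg_echo("profile:{$md_name}") . ': '
                . search_get_highlighted_relevant_substrings($text, $query);
        }
    }
}
```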
diff --git a/views/default/output/access.php b/views/default/output/access.php
index 91c5c721e..5c8d62c4d 100644
--- a/views/default/output/access.php
+++ b/views/default/output/access.php
@@ -11,7 +11,7 @@ if (isset($vars['entity']) && elgg_instanceof($vars['entity'])) {
$access_id = $vars['entity']->access_id;
$access_class = 'elgg-access';
$access_id_string = get_readable_access_level($access_id);
- $access_id_string = htmlentities($access_id_string, ENT_QUOTES, 'UTF-8');
+ $access_id_string = htmlspecialchars($access_id_string, ENT_QUOTES, 'UTF-8', false);
// if within a group or shared access collection display group name and open/closed membership status
// @todo have a better way to do this instead of checking against subtype / class.