From 597c0a4e519e14ba42c77b518a44789e3a8067b0 Mon Sep 17 00:00:00 2001
From: Cash Costello
Date: Tue, 5 Mar 2013 07:34:18 -0500
Subject: Fixes #5165 handling html tags passed as tags

---
 engine/lib/metadata.php           | 2 +-
 views/default/output/tag.php      | 1 +
 views/default/output/tagcloud.php | 2 ++
 views/default/output/tags.php     | 1 +
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 2fa491963..35b7b4dfb 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -774,10 +774,10 @@ function string_to_tag_array($string) {
 		$ar = explode(",", $string);
 		$ar = array_map('trim', $ar);
 		$ar = array_filter($ar, 'is_not_null');
+		$ar = array_map('strip_tags', $ar);
 		return $ar;
 	}
 	return false;
-
 }
 
 /**
diff --git a/views/default/output/tag.php b/views/default/output/tag.php
index 3c002a31b..3e1f1c320 100644
--- a/views/default/output/tag.php
+++ b/views/default/output/tag.php
@@ -20,6 +20,7 @@ if (!empty($vars['object'])) {
 }
 
 if (isset($vars['value'])) {
+	$vars['value'] = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);
 	if (!empty($vars['type'])) {
 		$type = "&type={$vars['type']}";
 	} else {
diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php
index a212becd8..2fbf1cd0a 100644
--- a/views/default/output/tagcloud.php
+++ b/views/default/output/tagcloud.php
@@ -39,6 +39,8 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) {
 	$cloud = '';
 
 	foreach ($vars['tagcloud'] as $tag) {
+		$tag->tag = htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8', false);
+
 		if ($cloud != '') {
 			$cloud .= ', ';
 		}
diff --git a/views/default/output/tags.php b/views/default/output/tags.php
index 3082dd41e..41fd5f168 100644
--- a/views/default/output/tags.php
+++ b/views/default/output/tags.php
@@ -55,6 +55,7 @@ if (!empty($vars['tags'])) {
 	$list_items = '
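Review bot: In string_to_tag_array the new `array_map('strip_tags', $ar)` runs after `trim` and the `is_not_null` filter, so an entry that is nothing but markup (e.g. `<b></b>`) passes the filter and is stored as an empty tag, and `<b> foo </b>` keeps its surrounding whitespace. Stripping first fixes both: `$ar = array_map('strip_tags', $ar); $ar = array_map('trim', $ar); $ar = array_filter($ar, 'is_not_null');`. Note also that strip_tags discards everything from a bare `<` to the next `>` or the end of the string, so a legitimate tag such as `<3` is silently emptied rather than preserved; since the views in this commit now escape on output, this input-side stripping is lossy defence in depth and deserves a deliberate decision. The enclosing `if` block and the function signature are above the hunk.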
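Review bot: In views/default/output/tag.php `$vars['value']` is overwritten with its HTML-escaped form before the view decides how it is used, and the lines that follow build a query string (`$type = "&type=..."`), which suggests the same value also goes into a URL; if so, the href now carries `&amp;`/`&#039;` sequences that a later `urlencode` encodes again, changing the search term. Escape only at the point of display and keep the raw value for the URL, e.g. `$text = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);` used where the tag is printed, with `urlencode($vars['value'])` for the href. The same escape-in-place pattern appears in views/default/output/tagcloud.php and views/default/output/tags.php in this commit. The context line `$type = "&type={$vars['type']}"` still interpolates `$vars['type']` raw; `urlencode($vars['type'])` would be consistent with the rest of the fix. The part of the view that renders the value is outside the hunk.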
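Review bot: In views/default/output/tagcloud.php `$tag->tag = htmlspecialchars(...)` writes the escaped text back into the object the caller passed in through `$vars['tagcloud']`; PHP passes objects by handle, so after this view runs the caller's tag objects hold HTML-escaped names, and any later non-HTML use of them (another view, a URL, JSON) sees `&amp;` and `&#039;` in the data. Keep the escaping local: `$label = htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8', false);` and use `$label` where the name is printed, leaving `$tag->tag` untouched. The foreach body that renders the name continues outside the hunk.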
  • ' . elgg_view_icon('tag', $icon_class) . '
  • ';
 	foreach($vars['tags'] as $tag) {
+		$tag = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8', false);
 		if (!empty($vars['type'])) {
 			$type = "&type={$vars['type']}";
 		} else {
-- 
cgit v1.2.3