Merge pull request #987 from ArthurHoaro/hotfix/security-issue

Fix security issue reported by @chb9

diff --combined index.php
index c2552ce8662ef48034c8f3c3f7bfd56039489a1d,8f0179e5e3984e0251488b0fc08cc898a1f33053..4068a828f10293ee40a8e245e5052e908cbe8bf3
--- 1/index.php
--- 2/index.php
+++ b/index.php
@@@ -88,7 -88,7 +88,7 @@@ try 
      exit;
  }
  
 -define('shaarli_version', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
 +define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
  
  // Force cookie path (but do not change lifetime)
  $cookie = session_get_cookie_params();
@@@ -840,7 -840,7 +840,7 @@@ function renderPage($conf, $pluginManag
          }
  
          $data = array(
-             'search_tags' => implode(' ', $filteringTags),
+             'search_tags' => implode(' ', escape($filteringTags)),
              'tags' => $tagList,
          );
          $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
@@@ -870,7 -870,7 +870,7 @@@
          }
  
          $data = [
-             'search_tags' => implode(' ', $filteringTags),
+             'search_tags' => implode(' ', escape($filteringTags)),
              'tags' => $tags,
          ];
          $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);
@@@ -1443,7 -1443,7 +1443,7 @@@
  
              if ($url == '') {
                  $url = '?' . smallHash($linkdate . $LINKSDB->getNextId());
 -                $title = 'Note: ';
 +                $title = $conf->get('general.default_note_title', 'Note: ');
              }
              $url = escape($url);
              $title = escape($title);