Index: controllers/explorer_controller.php
===================================================================
--- controllers/explorer_controller.php	(revision 544)
+++ controllers/explorer_controller.php	(working copy)
@@ -76,13 +76,13 @@
       // Split the query so that we have a list of tags/categories/locations.
       // For now we split at whitespaces, improvements could be made to not
       // split multiple tags/categories/locations enclosed in quotation marks
-      $quicksearch = preg_split('/\s+/', trim($quicksearch));
+      $words = preg_split('/\s+/', trim($quicksearch));
 
       // Reduce results to 6 
       $this->Search->setShow(6);
 
       // Add tag to the query
-      $this->Search->addTags($quicksearch);
+      $this->Search->addTags($words);
       // Set variable dataTags for view
       $this->Search->setTagOp('OR');
       $this->set('dataTags', $this->Search->paginate());
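Review bot: `preg_split('/\s+/', trim($quicksearch))` returns `['']` for an empty or whitespace-only query, so `addTags($words)` here, and `addCategories($words)` / `addLocations($words)` in the next hunk, would receive a single empty-string term. The split also puts no upper bound on how many terms one request can feed into the three OR queries. Dropping empty pieces and capping the list would cover both, e.g. `$words = array_slice(preg_split('/\s+/', trim($quicksearch), -1, PREG_SPLIT_NO_EMPTY), 0, 10);` (the limit of 10 is a constructed example value). The enclosing action starts and ends outside the hunk, so an earlier guard against empty input may already exist but is not visible here.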
@@ -90,13 +90,13 @@
       $this->Search->delTags();
       $this->Search->delTagOp();
 
-      $this->Search->addCategories($quicksearch);
+      $this->Search->addCategories($words);
       $this->Search->setCategoryOp('OR');
       $this->set('dataCategories', $this->Search->paginate());
       $this->Search->delCategories();
       $this->Search->delCategoryOp();
 
-      $this->Search->addLocations($quicksearch);
+      $this->Search->addLocations($words);
       $this->Search->setLocationOp('OR');
       $this->set('dataLocations', $this->Search->paginate());
       $this->Search->delLocations();
Index: views/explorer/quicksearch.ctp
===================================================================
--- views/explorer/quicksearch.ctp	(revision 544)
+++ views/explorer/quicksearch.ctp	(working copy)
@@ -12,7 +12,7 @@
 
 if (count($dataTags) + count($dataCategories) + count($dataLocations) == 0): ?>
 <div class="info">
-Sorry, nothing was found for <?php echo $quicksearch; ?>
+Sorry, nothing was found for <?php echo h($quicksearch); ?>
 </div>
 <?php endif; ?>
 
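Review bot: `h($quicksearch)` escapes only this one echo, and the rest of quicksearch.ctp is outside the hunk. Any other place in the template that prints the query, or the tag, category and location names taken from `$dataTags`, `$dataCategories` and `$dataLocations`, needs the same check. If the query is also written into an attribute such as a search box `value`, confirm it passes through `h()` or a form helper there as well. A short comment above the line, `<?php // $quicksearch is raw user input; escape with h() on every output ?>`, would help keep a later edit from reintroducing the unescaped echo.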

